Microsoft Graph Mail

With these apps, you can automatically trigger a Playbook once you receive an email in a phishing mailbox in Office 365. The Playbook will then parse the email and any attachments and orchestrate an investigation of the email using a combination of ThreatConnect intelligence, ThreatConnect’s CAL, malware analysis tools, and data enrichment sources.  If the email is suspicious or requires further remediation, ThreatConnect can create a Case leveraging our new Workflow feature and assign it to an analyst for further investigation and remediation.
The Microsoft Graph Mail Message Playbook App allows for the following actions:

• Get Message – Get a message by folder path and message ID.
• Parse Message – Parses the notification data delivered by a subscription alert for an email.
• List Messages – List messages in a folder based on any filter criteria that are provided. The list will be unsorted, and only the first 100 results will be returned.
• List Message Attachments – List all of the attachment IDs to a message in graph.message.attachments.list.
• Copy Message – Copy a message to a new destination folder.
• Move Message -Move a message to a new destination folder.
• Update Message -Update message values.

The Microsoft Graph Mail Messages Service App monitors mailboxes for new mail and calls a playbook trigger for each mail in the mailbox. The triggered playbook is expected to move the mail to another mailbox during processing; otherwise the mail may be reprocessed during the next check interval.

These apps can be found in the ThreatConnect App Catalog under the following names: Microsoft Graph Mail Messages and Microsoft Graph Mail Messages Service