Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

ThreatConnect and Microsoft EWS: Optimize Email Security with Automation

ThreatConnect has released a Playbook App and a Service App for joint Microsoft Exchange customers to leverage Microsoft Exchange Web Services (EWS).  With these integrations, you can automate email investigation and response actions with Microsoft Exchange using the Microsoft EWS API. The EWS Service App pulls messages from an Exchange mailbox on a set schedule into a target folder for processing, while the EWS Playbook App allows you to automatically monitor emails for attacks and orchestrate a response within ThreatConnect.

ThreatConnect and Microsoft EWS: Optimize Email Security with Automation

Microsoft EWS


  • The EWS Playbook App integration allows these automated actions:
    • Get Attachment – Action to retrieve a suspicious or flagged email attachment
    • Get Message – Action to retrieve a suspicious or flagged email message
    • Move Message – Action to move a suspicious or flagged message into a target folder for investigation
    • Delete Message – Action to remove a suspicious or flagged message
    • Search Mailboxes – Search specific email accounts for messages or attachments that breach policy or are flagged as suspicious
  • The EWS Service App allows the following actions:
    • Pull Exchange email messages on a schedule
    • Put emails in a target folder for processing


Through this integration, the following capabilities are now available: 

Monitor Specific Email Accounts

  • Monitoring email accounts for phishing attacks, spam and malware is a  routine part of keeping your organization safe. With this integration, automate the search of specific email accounts for messages that breach policy or have been previously flagged as malicious during an investigation. 

Isolate Compromised Emails and Attachments

  • Automate the action of pulling emails into a targeted folder at regularly scheduled intervals. When a phishing email is detected, ThreatConnect can create a Case leveraging our Workflow feature and assign it for further investigation and remediation. 

Together, ThreatConnect and Microsoft EWS help security teams quickly detect and respond to email phishing, spam, and malware attacks from ThreatConnect. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the Microsoft EWS Apps. If you’re not yet a customer and are interested in ThreatConnect and these integrations, please contact us at


About the Author


By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at