ThreatConnect and Microsoft EWS: Optimize Email Security with Automation

ThreatConnect has released a Playbook App and a Service App for joint Microsoft Exchange customers to leverage Microsoft Exchange Web Services (EWS).  With these integrations, you can automate email investigation and response actions with Microsoft Exchange using the Microsoft EWS API. The EWS Service App pulls messages from an Exchange mailbox on a set schedule into a target folder for processing, while the EWS Playbook App allows you to automatically monitor emails for attacks and orchestrate a response within ThreatConnect.

ThreatConnect and Microsoft EWS: Optimize Email Security with Automation

Microsoft EWS

 

  • The EWS Playbook App integration allows these automated actions:
    • Get Attachment – Action to retrieve a suspicious or flagged email attachment
    • Get Message – Action to retrieve a suspicious or flagged email message
    • Move Message – Action to move a suspicious or flagged message into a target folder for investigation
    • Delete Message – Action to remove a suspicious or flagged message
    • Search Mailboxes – Search specific email accounts for messages or attachments that breach policy or are flagged as suspicious
  • The EWS Service App allows the following actions:
    • Pull Exchange email messages on a schedule
    • Put emails in a target folder for processing

 

Through this integration, the following capabilities are now available: 

Monitor Specific Email Accounts

  • Monitoring email accounts for phishing attacks, spam and malware is a  routine part of keeping your organization safe. With this integration, automate the search of specific email accounts for messages that breach policy or have been previously flagged as malicious during an investigation. 

Isolate Compromised Emails and Attachments

  • Automate the action of pulling emails into a targeted folder at regularly scheduled intervals. When a phishing email is detected, ThreatConnect can create a Case leveraging our Workflow feature and assign it for further investigation and remediation. 

Together, ThreatConnect and Microsoft EWS help security teams quickly detect and respond to email phishing, spam, and malware attacks from ThreatConnect. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the Microsoft EWS Apps. If you’re not yet a customer and are interested in ThreatConnect and these integrations, please contact us at sales@threatconnect.com.

 

Ellie Proudler
About the Author
Ellie Proudler

Ellie Proudler is a Product Marketing Manager at ThreatConnect. She has spent the majority of her career in product development, working closely with cross-functional teams to develop strategies and content that personalize the customer experience. Ellie lives in Indianapolis, and outside of work she enjoys biking the city’s many greenways and trails with her family.