ThreatConnect has released a Playbook App and a Service App for joint Microsoft Exchange customers to leverage Microsoft Exchange Web Services (EWS). With these integrations, you can automate email investigation and response actions with Microsoft Exchange using the Microsoft EWS API. The EWS Service App pulls messages from an Exchange mailbox on a set schedule into a target folder for processing, while the EWS Playbook App allows you to automatically monitor emails for attacks and orchestrate a response within ThreatConnect.
- The EWS Playbook App integration allows these automated actions:
- Get Attachment – Action to retrieve a suspicious or flagged email attachment
- Get Message – Action to retrieve a suspicious or flagged email message
- Move Message – Action to move a suspicious or flagged message into a target folder for investigation
- Delete Message – Action to remove a suspicious or flagged message
- Search Mailboxes – Search specific email accounts for messages or attachments that breach policy or are flagged as suspicious
- The EWS Service App allows the following actions:
- Pull Exchange email messages on a schedule
- Put emails in a target folder for processing
Through this integration, the following capabilities are now available:
Monitor Specific Email Accounts
- Monitoring email accounts for phishing attacks, spam and malware is a routine part of keeping your organization safe. With this integration, automate the search of specific email accounts for messages that breach policy or have been previously flagged as malicious during an investigation.
Isolate Compromised Emails and Attachments
- Automate the action of pulling emails into a targeted folder at regularly scheduled intervals. When a phishing email is detected, ThreatConnect can create a Case leveraging our Workflow feature and assign it for further investigation and remediation.
Together, ThreatConnect and Microsoft EWS help security teams quickly detect and respond to email phishing, spam, and malware attacks from ThreatConnect. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the Microsoft EWS Apps. If you’re not yet a customer and are interested in ThreatConnect and these integrations, please contact us at firstname.lastname@example.org.