Google

With the Google Calendar Playbook app, you can quickly query calendars for free time and scheduling a meeting. This often happens as part of a security investigation as an incident escalates or handoff event. An analyst can check availability on a shared calendar and then use the Create Meeting action to add a new meeting during an available window to keep the case moving along. This will help security teams save time and work more efficiently through investigations. 

The following actions are available:

• Create Meeting - Inserts a meeting with attendees on the Meeting Owner's calendar.
• Query Free Time - Retrieves free time for all attendees.

This app can be found in the ThreatConnect App Catalog under the name: Google Calendar

With the Google Drive Playbook app, you can easily drive investigations and automate actions for folders and files within the Google suite. Easily automate tasks like creating a new directory on Google Drive to store related evidence or artifacts, or copying a document over to store and update during the investigation.

The following actions are available:

• Create Directory - Creates a new directory (folder) in Google Drive.
• Copy File - Copies an existing file into a new directory.

This app can be found in the ThreatConnect App Catalog under the name: Google Drive

With the Google Gmail integration you can easily integrate with Gmail so that you can automate email investigation and response actions by ingesting Gmail messages into ThreatConnect to orchestrate phishing triage and investigative actions.

The following actions are available:

• Delete Messages - This action allows the user to permanently delete one or more messages.
• Get Attachment - Retrieve an attachment by attachment ID.
• Get Message- Retrieve a message by its message ID.
• Add Labels - Add labels to one or many messages.
• Remove Labels - Remove labels from one or many messages.

This app can be found in the ThreatConnect App Catalog under the name: Google Gmail