Phishing - Search Related Incidents (Defender 365)
This playbook should only be used as a sub-playbook inside the "Phishing - Handle Microsoft 365 Defender Results" playbook. It searches through existing Cortex XSOAR incidents based on retrieved email message IDs and returns data only for emails that are not found in existing incidents.
Phishing · 8 tasks · 1 input · 4 outputs
Inputs
RetrievedEmails— Emails retrieved by the "Microsoft 365 Defender - Threat Hunting Generic" playbook.
Outputs
EmailFilesRetrieval.Subject— The subject of the emails to be retrieved.EmailFilesRetrieval.InternetMessageId— The Message-ID of the emails to be retrieved.EmailFilesRetrieval.RecipientEmailAddress— The recipient email address of the emails to be retrieved.EmailFilesRetrieval— An object containing the subject, internet message ID, and recipient email address of the emails to be retrieved.