G Suite for Gmail Search and Purge

Description

Accepts an Internet Message ID, searches for its presence in up to 500 mailboxes, and then deletes the ones it finds. GMail does not have a "soft-delete" option, messages run through the Message Eviction playbook will be permanently deleted.

Type: Response
Product: Splunk SOAR
Apps: G Suite for GMail
Last Updated: 2024-02-19
Author: Lou Stella, Splunk
ID: 5294d3bd-e9c4-4bfa-b051-92cacd0ff925
Use-cases:
- Phishing

Associated Detections

How To Implement

This input playbook requires the G Suite for GMail connector to be configured. It is designed to work in environments that posess a maximum of 500 mailboxes at this time, due to a limitation in the G Suite for GMail connector.

D3FEND

ID	Technique	Definition	Category
D3-ER	Email Removal	The file removal technique deletes malicious artifacts or programs from a computer system.	File Eviction

D3-IAA

Identifier Activity Analysis

Taking known malicious identifiers and determining if they are present in a system.

Identifier Analysis

Explore Playbook

Required field

Reference

source | version: 1

Twitter Facebook LinkedIn

G Suite for Gmail Search and Purge

Description

Associated Detections

How To Implement

D3FEND

Explore Playbook

Required field

Reference

You May Also Enjoy

O365 New Forwarding Mailflow Rule Created

Okta Successful Single Factor Authentication

Windows Unsigned MS DLL Side-Loading

Windows Rename System Utilities Agentexecutor exe LOLBAS in Non Standard Path