Try in Splunk SOAR


Accepts an internet message id, and asks Microsoft for a list of users with mailboxes to search, and then searches each one to look for records that have a matching internet message id. It then produces a normalized output and summary table.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps: MS Graph for Office 365
  • Last Updated: 2024-02-03
  • Author: Lou Stella, Splunk
  • ID: 5292d6ad-e9c4-4bfd-b831-928ac1dff816
  • Use-cases:
    • Phishing

Associated Detections

How To Implement

This input playbook requires the MS Graph for Office 365 connector to be configured.


ID Technique Definition Category
D3-IAA Identifier Activity Analysis Taking known malicious identifiers and determining if they are present in a system. Identifier Analysis

Explore Playbook


Required field


source | version: 1