MS Graph for Office 365 Message Identifier Activity Analysis
Description
Accepts an internet message id, and asks Microsoft for a list of users with mailboxes to search, and then searches each one to look for records that have a matching internet message id. It then produces a normalized output and summary table.
- Type: Investigation
- Product: Splunk SOAR
- Apps: MS Graph for Office 365
- Last Updated: 2024-02-03
- Author: Lou Stella, Splunk
- ID: 5292d6ad-e9c4-4bfd-b831-928ac1dff816
- Use-cases:
- Phishing
Associated Detections
How To Implement
This input playbook requires the MS Graph for Office 365 connector to be configured.
D3FEND
ID | Technique | Definition | Category |
---|---|---|---|
D3-IAA | Identifier Activity Analysis | Taking known malicious identifiers and determining if they are present in a system. | Identifier Analysis |
Explore Playbook
Required field
Reference
source | version: 1