MS Graph for Office 365 Search and Purge
Description
Accepts an Internet Message ID, searches for its presence in each mailbox in the tenant, and then deletes the ones it finds. Microsoft does have a "soft-delete" option; messages run through the Message Eviction playbook will be recoverable.
- Type: Response
- Product: Splunk SOAR
- Apps: MS Graph for Office 365
- Last Updated: 2024-02-03
- Author: Lou Stella, Splunk
- ID: 5112d6ad-a8c4-47ed-b831-928ac1dff716
- Use-cases:
  - Phishing
Associated Detections
How To Implement
This input playbook requires the MS Graph for Office 365 connector to be configured. Pay careful attention to the connector's documentation for the permissions it requires.
D3FEND
ID | Technique | Definition | Category |
---|---|---|---|
D3-ER | Email Removal | The file removal technique deletes malicious artifacts or programs from a computer system. | File Eviction |
D3-IAA | Identifier Activity Analysis | Taking known malicious identifiers and determining if they are present in a system. | Identifier Analysis |
Reference
source | version: 1