G Suite for GMail Message Identifier Activity Analysis
Description
Accepts an internet message id, and asks Gmail for a list of mailboxes to search, and then searches each one to look for records that have a matching internet message id. It then produces a normalized output and summary table.
- Type: Investigation
- Product: Splunk SOAR
- Apps: G Suite for GMail
- Last Updated: 2023-05-12
- Author: Lou Stella, Splunk
- ID: 5299d6dd-e9c4-4afa-b051-928ace0ff816
- Use-cases:
- Phishing
Associated Detections
How To Implement
This input playbook requires the G Suite for GMail connector to be configured. It is designed to work in environments that posess a maximum of 500 mailboxes at this time, due to a limitation in the G Suite for GMail connector.
D3FEND
ID | Technique | Definition | Category |
---|---|---|---|
D3-IAA | Identifier Activity Analysis | Taking known malicious identifiers and determining if they are present in a system. | Identifier Analysis |
Explore Playbook
Required field
Reference
source | version: 1