MS Graph for Office365 Search and Restore

Description

Accepts an Internet Message ID and an email mailbox, searches for the Message ID's presence in each mailbox's recoverable deleted items, and then restores the ones it finds.

Type: Response
Product: Splunk SOAR
Apps: MS Graph for Office 365
Last Updated: 2024-02-15
Author: Lou Stella, Splunk
ID: 511236ad-a8c4-47ed-b631-928ab1dff71a
Use-cases:
- Phishing

Associated Detections

How To Implement

This input playbook requires the MS Graph for Office365 connector to be configured. Careful attention should be paid to the documentation for this connector's required permissions.

D3FEND

ID	Technique	Definition	Category
D3-RE	Restore Email	Restoring a file for an entity to access.	Restore Object

MS Graph for Office365 Search and Restore

Description

Associated Detections

How To Implement

D3FEND

Explore Playbook

Required field

Reference

You May Also Enjoy

O365 New Forwarding Mailflow Rule Created

Okta Successful Single Factor Authentication

Windows Unsigned MS DLL Side-Loading

Windows Rename System Utilities Agentexecutor exe LOLBAS in Non Standard Path