IBM Security QRadar SOAR

 View Only

  • 1.  Microsoft Exchange App Mailbox Info

    Posted Fri October 25, 2019 08:55 AM
    Anyone know if there is a way to pull back additional information with the "Get Mailbox Info" function for the MS Exchange App (https://exchange.xforce.ibmcloud.com/hub/extension/26b8726f3320b1de10ad2c252930b0df)

    Specifically, the default script pulls limited fields.  Can we pull DisplayName, Size, etc.....?

    I assume we would need to modify the results, but not really sure.

    info = info[0]
    results = {
    "name": info.name,
    "email_address": info.email_address,
    "routing_type": info.routing_type,
    "mailbox_type": info.mailbox_type,
    "success": True
    }

    ------------------------------
    Brian Coleman
    ------------------------------


  • 2.  RE: Microsoft Exchange App Mailbox Info

    Posted Fri October 25, 2019 01:00 PM
    Edited by Ihor Husar Fri October 25, 2019 01:26 PM
    Edited: Duplication of the message
    -- See the response below --


  • 3.  RE: Microsoft Exchange App Mailbox Info

    Posted Fri October 25, 2019 01:00 PM
    Hello Brian,
    There is not a way to do this with the current implementation.
    Unfortunately, Exchange on-prem integrations is not scheduled for development any time soon, but let me point you in the right direction in case you'd like to add this capability yourself.
    The reason that data isn't accessible, is because "Get Mailbox Info" gets information from current schema:
    https://docs.microsoft.com/en-us/exchange/client-developer/web-service-reference/mailbox
    The schema where the information you're interested in resides is:
    https://docs.microsoft.com/en-us/exchange/client-developer/web-service-reference/mailboxstat

    The integration doesn't have support for it, but it seems that the underlying exchangelib python library has "GetSearchableMailboxes" class (with an example on PyPi) that might be useful for adding such capability.

    ------------------------------
    Ihor Husar
    Resilient Integrations
    ------------------------------

    Original Message