IBM Security QRadar SOAR

Hi,

I am new to Resilient and I noticed on the App Exchange the "Microsoft Exchange Online Integration for Resilient" App.
I can see the App offers much more possibilities but it can also fetch emails.  Does this mean I don't have to use the email connection (from the Organization tab) and rely only on this App?
In what kind of scenarios would I use one or the other?

Thanks for your help.

------------------------------
Pierre Dufresne
------------------------------

Hi Pierre,

Welcome to Resilient !

The email ingestion available via the Organization tab allows for creating incidents from emails while the email app on the exchange works within the context of an already created incident. Thats probably the major difference, you have to already have an incident created in order to trigger workflows that could leverage the app to perform email and exchange related operations in the context of that incident. The inbound email option on the other hand operates outside the context of any incident, and so can create or update incidents based on the logic defined in your parsing script.

Hope this helps.

------------------------------
MARTIN FEENEY
IBM Security SOAR Product Manager
IBM Security
martin.feeney@ie.ibm.com
Ireland
------------------------------

Original Message:
Sent: Thu February 25, 2021 04:00 PM
From: Pierre Dufresne
Subject: Email connection VS Microsoft Exchange Online Integration -- what is the difference?

Hi,

I am new to Resilient and I noticed on the App Exchange the "Microsoft Exchange Online Integration for Resilient" App.
I can see the App offers much more possibilities but it can also fetch emails.  Does this mean I don't have to use the email connection (from the Organization tab) and rely only on this App?
In what kind of scenarios would I use one or the other?

Thanks for your help.

------------------------------
Pierre Dufresne
------------------------------