IBM Security QRadar SOAR


Exchange Online integration - handling distro emails

  • 1.  Exchange Online integration - handling distro emails

    Posted Wed August 17, 2022 05:55 PM
    We are using the Exchange Online integration (fn_exchange_online v1.3.0) for querying O365. When calling the Exchange Online: Query Messages function, it requires the recipient email address (exo_mail_address) as input.

    However, in cases where we have a distro email as the recipient, and don't have the information for the actual recipients, how can we use this integration to pull the relevant emails? As of now, when we call the Exchange Online: Query Messages function with the distro email as the recipient, we don't find any emails. But the emails do in fact exist in the recipient mailboxes.


    ------------------------------
    Mark Aksen
    ------------------------------


  • 2.  RE: Exchange Online integration - handling distro emails

    Posted Thu August 18, 2022 12:13 PM
    Hi Mark

    What is the "distro email"?  There must be a list of users or email addresses somewhere?

    The Exchange Online integration uses the Microsoft Graph REST API for querying emails.  Those queries require an email address for the mailbox to be searched.

    ------------------------------
    AnnMarie Norcross
    ------------------------------
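
Since the Graph queries need a mailbox address, one approach is to expand the distro into its member mailboxes first and pass each one as exo_mail_address. The sketch below is an added example, not part of the thread or of fn_exchange_online. It assumes the distro is visible as a group in Microsoft Graph and that the app registration may read group membership; `get`, `fake_get` and the sample data are hypothetical.

```python
GRAPH = "https://graph.microsoft.com/v1.0"

def paged(get, url, params=None):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    while url:
        page = get(url, params)
        yield from page.get("value", [])
        # nextLink already carries the query string, so drop params
        url, params = page.get("@odata.nextLink"), None

def expand_distro(get, distro_address):
    """Return sorted, de-duplicated member mailbox addresses for a distro."""
    escaped = distro_address.replace("'", "''")  # OData string-literal escaping
    groups = paged(get, f"{GRAPH}/groups", {"$filter": f"mail eq '{escaped}'"})
    mailboxes = set()
    for group in groups:
        # transitiveMembers flattens nested groups into one member list
        url = f"{GRAPH}/groups/{group['id']}/transitiveMembers"
        for member in paged(get, url):
            is_user = member.get("@odata.type") == "#microsoft.graph.user"
            if is_user and member.get("mail"):  # skip groups, contacts, no-mail users
                mailboxes.add(member["mail"].lower())
    return sorted(mailboxes)

# Constructed sample responses (not real tenant data), keyed by request URL.
PAGE2 = f"{GRAPH}/groups/g1/transitiveMembers?$skiptoken=constructed"
SAMPLE = {
    f"{GRAPH}/groups": {"value": [{"id": "g1", "mail": "soc-distro@example.com"}]},
    f"{GRAPH}/groups/g1/transitiveMembers": {
        "value": [
            {"@odata.type": "#microsoft.graph.user", "mail": "Alice@example.com"},
            {"@odata.type": "#microsoft.graph.group", "mail": "nested@example.com"},
        ],
        "@odata.nextLink": PAGE2,
    },
    PAGE2: {"value": [
        {"@odata.type": "#microsoft.graph.user", "mail": "bob@example.com"},
        {"@odata.type": "#microsoft.graph.user", "mail": None},
        {"@odata.type": "#microsoft.graph.user", "mail": "alice@example.com"},
    ]},
}

def fake_get(url, params=None):
    """Hypothetical stand-in for an authenticated HTTP GET returning parsed JSON."""
    return SAMPLE[url]

if __name__ == "__main__":
    for address in expand_distro(fake_get, "soc-distro@example.com"):
        print(address)  # each address is a candidate exo_mail_address
```
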