Hi Shubham,
Your requirement is reasonable and 300 incidents/day is an acceptable volume. Of course, managing 300 incidents a day sounds like a good opportunity to introduce automation to handle false positives and low priority issues, leaving the (smaller) remainder to your analysts.
If you're not familiar with our generic email parsing script, it's a good starting point for parsing the body of an email message and creating an incident with identified artifacts. You can find that script on the AppExchange here.
Your email messages may be more structured, so a custom email parsing script specific to the email message format may also be reasonable.
Good luck.
Mark
------------------------------
Mark Scherfling
------------------------------
Original Message:
Sent: Mon March 20, 2023 11:10 AM
From: Shubham Agarwal
Subject: Regarding large number of incidents created in Resilient SOAR
Hi Team,
We are trying to integrate a mailbox with Resilient SOAR where around 300 emails are coming on a daily basis.
Once all these mails are converted into incidents, then a huge number of incidents will be there in the incident tab and the playbook will also trigger for them.
Please let me know what is the best possible way to handle a huge number of incidents.
------------------------------
Shubham Agarwal
------------------------------