Exchange (EWS)
- Jonas Gonzalez
Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. This integration relies on EWS being enabled for the server.
Connect Exchange with Devo SOAR
Navigate to Automations > Integrations.
Search for Exchange.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
Server Name/IP: Server Name or IP address for Exchange authentication.
Username: Username for Exchange authentication.
Password: Password for Exchange authentication.
Email Address to use: User to login into Exchange as.
Exchange Build Version: Exchange build version in form of 'major_version, minor_version, major_build, minor_build'. Example: '15,0,12,34'
Timeout (Optional): Seconds to wait before stopping the authentication request (Default is 30 seconds).
After you've entered all the details, click Connect.
Actions for Exchange
Read Email
Pulls emails from a user's inbox.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Mailbox Folder | Path and name of the folder from which to pull email messages (typically Inbox). | Â |
Mark Read | Automatically mark messages read when they are pulled by Devo SOAR (Default is True). | Optional |
Unread Only | Pull only unread messages (Default is True). | Optional |
Download Attachments | Automatically download attachments (Default is True, Doing so may significantly increase processing time.). | Optional |
Filter by Subject | Jinja-templated subject to filter emails by. A case-insensitive 'contains' match is done. | Optional |
Message Limit | Limit the number of messages to pull at once. (Default is 100 messages). | Optional |
Maximum Message Age | Filter messages based on maximum age (in seconds) since message receipt time (Default is to retrieve all messages). | Optional |
Output
Correlated results when Filter By Subject is provided, otherwise uncorrelated results. The output table contains one row per email.
Get Attachments
Pulls the attachments of a set of emails.
Inputs
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message IDs | Select column holding the emails message-IDs. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
attachments: json array of attachments
Delete Email
Deletes an email by ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message ID | Select column containing the message IDs of emails, which need to be deleted. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully deleted email
Mark Email as Read
Marks an email as read by ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message ID | Select column containing the message IDs of emails, which need to be marked as read. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully marked email as read.
Mark Email as Unread
Marks an email as unread by ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message ID | Select column containing the message IDs of emails, which need to be marked as unread. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully marked email as unread.
Add Categories
Append categories to an email.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message ID | Select column containing the ids of the messages to update. | Required |
Categories | A comma-separated list of categories. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully updated email categories.
Replace Categories
Replace an email's categories.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message ID | Select column containing the IDs of the messages to update. | Required |
Categories | A comma-separated list of categories. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully updated email categories.
Remove Categories
Remove categories from an email.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message ID | Select column containing the IDs of the messages to update. | Required |
Categories | A comma-separated list of categories. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully updated email categories.
Send Email
Sends an email to an email address.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column containing the email address for recipients | Select column containing the email addresses to send an email to. | Required |
Column containing the subject of an email | Select column containing the subject title for emails. | Required |
Column containing the body of an email | Select column containing the body for outbound emails. | Required |
Column containing the cc on outbound email | Select column containing an email address to attach as a cc on an outbound email. | Optional |
Column containing the bcc on outbound email | Select column containing an email address to attach as a bcc on an outbound email. | Optional |
File Attachment | Column containing one or more file IDs to attachment. (Can be a comma separated string of lhub_file_id values or a json dict in the format of {"\":"\"}). | Optional |
Attachment File Extension | If no file name is provided, add this extension to the attached files. | Optional |
Type | HTML/Plain-Text. Select the type of email body (default is Plain Text). | Optional |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully sent email
Move Email
Moves an email from one folder to another.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Column with email message IDs | Select column containing the message IDs of emails, which need to be moved. | Required |
Column with folder name | Select column containing the destination folder name. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully moved email to folder: .
Reply All
Reply All to the Email.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Email message ID | Jinja-templated text containing the value of message ID of the email. | Â |
Example: {{msgid}}. | Required | Â |
Body | Jinja-templated text containing the value of body of the email. | Â |
Example: {{body}}. | Required | Â |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
msgid: message-id of email
msg: Successfully Forwarded e-mail
``` {json}{ "msg": "Successfully Replied to the e-mail", "msgid": "SN4PR22MB2949F6E5FBD8F8E6651DF08BDC8C9@SN4PR22MB2949.namprd22.prod.outlook.com", "has_error": false, "error": null }
## Forward Email
Forwards an e-mail.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| : -------- | : -------- | : -------- |
| Email message ID | [Jinja-templated](doc:jinja-template) text containing the value of message ID of the email.
Example: {{msgid}}. | Required |
| Recipient Email | [Jinja-templated](doc:jinja-template) text containing the CSVs of the Recipient's emails.
Example: [a@example.com](mailto:a@example.com), {{to}} | Required |
| Body | [Jinja-templated](doc:jinja-template) text containing the value of body of the email.
Example: {{body}}. | Required |
### Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- msgid: message-id of email
- msg: Successfully forwarded e-mail
``` {json}{
"msg": "Successfully Forwarded e-mail",
"msgid": "<SN4PR22MB2949F6E5FBD8F8E6651DF08BDC8C9@SN4PR22MB2949.namprd22.prod.outlook.com>",
"has_error": false,
"error": null
}Download Quarantine Message
Download Quarantine Message with given message-id. It will take few minutes to run this action, so in case response gets delayed, then timeout limit has to be increased.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Email Message ID | Jinja-templated text containing the value of message ID of the email. Example: {{msgid}} | Required |
Authentication Method | Jinja-templated text containing the value of authentication method to be used for this action. Only basic authentication(use 'basic') and certificate based(use 'certificate') are supported. Default is 'basic'. | Optional |
Self-Signed Certificate | Upload a .pfx Self-Signed Certificate file. | Optional |
Certificate password | Certificate Password. | Optional |
Tenant ID | Jinja-templated text containing the value of the directory ID or verified domain of your Office 365 tenant. Use only in case of Authentication Method is 'certificate'. Example: {{tenantid}} | Optional |
App ID | Jinja-templated text containing the value of App ID. Use only in case of Authentication Method is 'certificate'. Example: {{appid}} | Optional |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
file-id: file-id of downloaded email
``` {json}"data":{3 items "has_error":boolfalse "File-Id ":[1 item 0:string"2ae60eb911a348bbb3bc5120f0976cef.eml" ] "error":NULL }
## Download Quarantine Message List
Download all the Quarantine Messages from the start date till the end date. It will take few minutes to run this action, so in case response gets delayed, then timeout limit has to be increased.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :---------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Enter Start Date | [Jinja-templated](doc:jinja-template) text containing the start date after which the quarantine messages have to be downloaded. Date in Format MM/DD/YYYY. Example: {{date}} | Required |
| Enter End Date | [Jinja-templated](doc:jinja-template) text containing the end date before which the quarantine messages have to be downloaded. Date in Format MM/DD/YYYY. Example: {{date}} | Required |
| Authentication Method | [Jinja-templated](doc:jinja-template) text containing the value of authentication method to be used for this action. Only basic authentication(use 'basic') and certificate based(use 'certificate') are supported. Default is 'basic'. | Optional |
| Self-Signed Certificate | Upload a .pfx Self-Signed Certificate file. | Optional |
| Certificate password | Certificate Password. | Optional |
| Tenant ID | [Jinja-templated](doc:jinja-template) text containing the value of the directory ID or verified domain of your Office 365 tenant. Use only in case of Authentication Method is 'certificate'. Example: {{tenantid}} | Optional |
| App ID | [Jinja-templated](doc:jinja-template) text containing the value of App ID. Use only in case of Authentication Method is 'certificate'. Example: {{appid}} | Optional |
### Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- file-id: file-ids of downloaded email
``` {json}"data":{
"has_error":false,
"error":null,
"File Id ":[
"49fd25d0e39a436dad0e2644913b73e7.eml",
"7c78cf94f6294bdeb44ca7d4c7d9e7e9.eml",
"9f8fe488c81e4d359d008d0709b3a1f0.eml",
"6e7968c33ac9405ea6b47993d04b304f.eml",
"13dfdf58e65c490d89d74529656c1e67.eml",
"9b459430deec43418394842f33ab8a0b.eml"
]
}Download Quarantine Message By Certificate (Deprecated)
Download Quarantine Message with given message-id by certificate auth. It will take few minutes to run this action, so in case response gets delayed, then timeout limit has to be increased
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Self-Signed Certificate | Upload a .pfx Self-Signed Certificate file. | Required |
Certificate password | Certificate Password. | Optional |
Tenant ID | Text containing the value of the directory ID or verified domain of your Office 365 tenant. Use only in case of Authentication Method is 'certificate'.} | Required |
App ID | Text containing the value of App ID. Use only in case of Authentication Method is 'certificate'. | Required |
Email Message ID | Jinja-templated text containing the value of message ID of the email. Example: {{msgid}} | Required |
Output
JSON containing the following items:
{json}"data":{
"has_error":false,
"File-Id ":[
"2ae60eb911a348bbb3bc5120f0976cef.eml"
],
"error":null
}
Release Notes
v3.0.0- Updated architecture to support IO via filesystemv2.2.1- Added Build Version optional field at connection level.v2.1.1- Bug fixed forerror: global name 'sys' is not defined.v2.1.0- Marked actionDownload Quarantine Message By Certificateas deprecated.v1.14.2- Added retries in actionDownload Quarantine Message By Certificate.v1.14.1- Added new actionDownload Quarantine Message By Certificate.v1.13.5- Performance improvement on 2 actions:Download Quarantine Message ListandDownload Quarantine Message.v1.13.1- Added certificate option in Quarantine related actions.v1.12.3- Added 2 actions to download the quarantine message and quarantine message list.v1.11.0- Added option to add bcc in send mail action.