Forum Discussion
Nepttunus
Sep 26, 2024 | Copper Contributor
Sentinel - Phishing automation
Hello, I would like to know how to process an automation related to phishing. When a user marks an email as phishing or spam, it should be automatically verified. If it is phishing, it will perform a...
Nimantha_Deshappriya
Sep 26, 2024 | Copper Contributor
When investigating phishing emails, manual analysis is necessary because some of these emails contain sophisticated URLs that can bypass security filters. Once a phishing email is identified, Azure Logic Apps can be leveraged to check whether the email has been delivered to other users. If so, the app can be used to automatically delete the emails from their inboxes. This would require a more complex Azure Logic App, involving integration between Logic Apps and Microsoft Defender for Office 365, and potentially utilizing advanced threat hunting KQL queries within the workflow.
Nepttunus
Sep 26, 2024 | Copper Contributor
Hi,
Many thanks for the explanation.
I was thinking of something like: if it's the user who indicates that it is phishing, it would somehow go to an OSINT platform (VirusTotal, abuseip, etc.) and check the indicators of compromise. If the evaluation is positive, they would be removed, and if they are benign, the action would be to return them to the inbox. Something that would work based on the score of the analysis.
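The score-based decision sketched in the reply above, plus the "who else received it" lookup from the first answer, as an added example that is not part of the thread. It is Python a Logic App could call (for instance from an Azure Function) rather than anything the posters built. The verdict counters are constructed to mirror VirusTotal's `last_analysis_stats` shape (malicious / suspicious / harmless / undetected per engine); the thresholds `delete_at` and `min_engines` are assumptions to tune, and the KQL uses the `EmailEvents` schema of Microsoft Defender for Office 365 advanced hunting. The one design point worth copying is the third outcome: a zero-detection indicator that only a handful of engines have ever looked at is not evidence of benignity, so it goes to a human instead of back into the inbox.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class IocVerdict:
    """Constructed verdict record, shaped like VirusTotal's last_analysis_stats."""
    indicator: str
    kind: str            # "url", "domain" or "ip"
    malicious: int
    suspicious: int
    harmless: int
    undetected: int

    @property
    def engines(self) -> int:
        # Engines that returned any verdict at all for this indicator.
        return self.malicious + self.suspicious + self.harmless + self.undetected

    @property
    def score(self) -> float:
        # 0.0 (clean) .. 1.0 (every engine flags it); "suspicious" counts half.
        if self.engines == 0:
            return 0.0
        return (self.malicious + 0.5 * self.suspicious) / self.engines


def message_score(verdicts: Iterable[IocVerdict]) -> float:
    """Worst indicator wins: one malicious link is enough to condemn a mail."""
    return max((v.score for v in verdicts), default=0.0)


def decide(verdicts: list[IocVerdict], *, delete_at: float = 0.10,
           min_engines: int = 20) -> str:
    """Map OSINT scores to the playbook action (thresholds are assumptions).

    "delete"        -> purge from every mailbox it was delivered to
    "restore"       -> move back to the reporter's inbox
    "manual_review" -> hand to an analyst
    """
    if not verdicts:
        # Nothing to score (text-only lure, attachment-only mail): a lack of
        # evidence must never auto-restore the message.
        return "manual_review"
    if message_score(verdicts) >= delete_at:
        return "delete"
    # Zero detections only mean something once enough engines have actually
    # looked at every indicator; a freshly registered phishing domain usually
    # has few verdicts and no detections yet.
    if all(v.engines >= min_engines and v.malicious == 0 and v.suspicious == 0
           for v in verdicts):
        return "restore"
    return "manual_review"


def recipients_query(network_message_id: str, lookback: str = "7d") -> str:
    """KQL for the advanced-hunting step: every mailbox the same message
    (same NetworkMessageId) was delivered to, for the follow-up purge."""
    nmid = network_message_id.replace('"', '\\"')
    return (
        "EmailEvents\n"
        f"| where Timestamp > ago({lookback})\n"
        f'| where NetworkMessageId == "{nmid}"\n'
        '| where DeliveryAction == "Delivered"\n'
        "| project Timestamp, RecipientEmailAddress, LatestDeliveryLocation"
    )


# Constructed sample input: three reported mails and their extracted IOCs.
SAMPLE = {
    "credential_lure": [
        IocVerdict("hxxp://login-microsoft-verify.example/auth", "url", 14, 3, 60, 13),
        IocVerdict("203.0.113.45", "ip", 0, 0, 70, 20),
    ],
    "newsletter": [
        IocVerdict("hxxps://news.example.org/unsubscribe", "url", 0, 0, 75, 15),
        IocVerdict("198.51.100.7", "ip", 0, 0, 80, 10),
    ],
    "fresh_domain": [
        # Zero detections but only 8 engines have seen it: not "benign".
        IocVerdict("hxxps://portal-update.example/", "url", 0, 0, 5, 3),
    ],
}

if __name__ == "__main__":
    for name, verdicts in SAMPLE.items():
        print(f"{name:16s} score={message_score(verdicts):.3f} -> {decide(verdicts)}")
    print(recipients_query("<NetworkMessageId of the reported mail>"))
```

In a Logic App the same flow is: trigger on the user report, enrich each extracted URL/IP through the OSINT connector, run `decide`, and only on `"delete"` feed the `NetworkMessageId` into the Defender advanced-hunting action to enumerate recipients before the soft-delete step; `"manual_review"` should open a Sentinel incident rather than silently doing nothing.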