**Installation Instructions for Workflow**

1. **Prerequisites**:
   - Ensure you have a Microsoft user account with access to the email inbox you intend to monitor.
   - Confirm that Secure Malware Analytics is integrated and configured for Cisco XDR.

2. **Microsoft Email Integration**:
   - Log into Cisco XDR and navigate to the integrations section.
   - Select "Add Integration" and choose "Microsoft Email".
   - Enter the Microsoft user credentials and authenticate access to the email inbox.
   - Set up rules to direct relevant emails to a designated folder for monitoring.

3. **Configure Secure Malware Analytics**:
   - In the Cisco XDR portal, go to the integrations settings.
   - Select "Secure Malware Analytics" and ensure it's properly configured to communicate with XDR.
   - Verify that Secure Malware Analytics is set to receive URLs for analysis and return dispositions.

4. **Create the Automation Workflow**:
   - Access the automation section in Cisco XDR.
   - Create a new workflow and set it to trigger on new emails arriving in the monitored inbox.
   - Define actions to scrape email bodies for URLs, perform disposition checks, and update or create casebooks accordingly.

5. **Testing and Validation**:
   - Test the workflow with sample emails to ensure URLs are extracted and processed correctly.
   - Validate that casebooks are updated with accurate threat intelligence data from Secure Malware Analytics.

6. **Finalize and Deploy**:
   - Review all configurations and ensure they meet your security policies.
   - Deploy the workflow to start automated monitoring and analysis.

Microsoft - Incoming Email - Secure Malware URL Lookup

Description

Integration targets

Custom targets