InsightConnect Marketplace

Microsoft Exchange

Back to Marketplace

Microsoft Exchange

v6.1.1

The Microsoft Exchange plugin for Rapid7 InsightConnect allows users to monitor, manage, and send emails

Tags: microsoft, exchange, email, calendar

Triggers
  • Email Received

Actions
  • Delete Attachments
  • Delete Email
  • Lookup Contact by Email
  • Move Email
  • Search Inboxes
  • Send Email
  • Set Email Categories

Description

The Microsoft Exchange plugin for Rapid7 InsightConnect allows users to monitor, manage, and send emails. The plugin can start workflows on new incoming email, get the contents of that email, and pass that to email and phishing analysis tools. The plugin will also the user to manage email in the case where remediation is needed. In addition, this plugin can automate the sending of e-mail for alerting and notification purposes.

Key Features

  • Ability to trigger on incoming emails
  • Search for or manage suspicious emails
  • Remediation actions to delete emails or their attachments

Requirements

  • An administrative user account
  • A Microsoft Exchange server
  • Exchange server details (see connection for more information)

Documentation

Setup

Check out the plugin guide for more details on how to configure this plugin.

The connection configuration accepts the following parameters:

Name Type Default Required Description Enum Example
access_type string Delegate True Access type to use for login. See differences between Delegate and Impersonation here: https://blogs.msdn.microsoft.com/exchangedev/2009/06/15/exchange-impersonation-vs-delegate-access/|['Delegate', 'Impersonation'] Delegate
autodiscover boolean True True Allow the plugin to auto-detect your exchange server settings. This can fail in certain Exchange server configurations None True
exchange_server_version string False Exchange server version. If autodiscover is set to false then this option must be specified ['', 'Exchange 2007', 'Exchange 2007 SP1', 'Exchange 2010', 'Exchange 2010 SP1', 'Exchange 2010 SP2', 'Exchange 2013', 'Exchange 2013 SP1', 'Exchange 2016', 'Exchange 2019'] Exchange 2016
primary_smtp_address string None False Primary SMTP address None user@example.com
server string None False If autodiscover is set to false then this option must be specified. Example: mail.example.com or exchange.example.com/EWS/Exchange.asmx None mail.example.com
user_pass credential_username_password None True Username and password for the account. Username is usually in domain\username format, where domain is the name of the domain your username is connected to. Some servers accept usernames in PrimarySMTPAddress ('user@example.com') format. UPN format is also supported None {"password": "password", "username": "user@example.com"}
verify_ssl boolean True True Whether or not to verify SSL connection. Try setting to false if you are having issues connecting None True

Example input:

{
  "access_type": "Delegate",
  "autodiscover": false,
  "exchange_server_version": "Exchange 2016",
  "primary_smtp_address": "user@example.com",
  "server": "mail.example.com",
  "user_pass": "{\"password\": \"password\", \"username\": \"user@example.com\"}",
  "verify_ssl": true
}

Technical Details

Actions

Send Email

This action is used to send an email.

Input
Name Type Default Required Description Enum Example
body string None True Email body (HTML supported) None Test email body
email_recipients []string None True Recipients for the email None ['user@example.com', 'user2@example.com']
subject string None True Subject of the email None Hello World

Example input:

{
  "body": "Test email body",
  "email_recipients": [
    "user@example.com",
    "user2@example.com"
  ],
  "subject": "Hello World"
}
Output
Name Type Required Description
success boolean True True if sending the email was successful

Example output:

{
  "success": true
}

Delete Attachments

This action is used to delete attachments from an email.

Input
Name Type Default Required Description Enum Example
account string None False Account to delete the email attachments from. The account configured in your Connection must have Impersonation access None user@example.com
email_id string None True ID of the email to delete attachments from None CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=

Example input:

{
  "account": "user@example.com",
  "email_id": "CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA="
}
Output
Name Type Required Description
email email False Email after attachment deletion

Example output:

{
  "email": {
      "account": "user@example.com",
      "attached_emails": [],
      "attached_files": [],
      "body": "Test email",
      "flattened_attached_emails": [],
      "flattened_attached_files": [],
      "headers": [{
          "name": "Received",
          "value": ""
      }],
      "id": "AQMkAGRlNjhiMTkwLTJhMjUtNGI1ZS1hMGVlAC01MjUyZjgxZjM4Y2IARgAAAxV9OuuaYO1GuNrmyowDcygHAOrvwEx5H1ZNgslFeFvir+EAAAIBDAAAAOrvwEx5H1ZNgslFeFvir+EAAAIFaAAAAA==",
      "is_read": false,
      "sender": "user@example.com",
      "subject": "Check this out!"
  }
}

Delete Email

This action deletes a specified email.

Input
Name Type Default Required Description Enum Example
account string None False Account to delete the email from. The account configured in your Connection must have Impersonation access None user@example.com
deletion_method string None True Deletes an email. Emails can be hard deleted, soft deleted (kept in recoverable folder), or moved to trash ['Hard', 'Soft', 'Trash'] Hard
email_id string None True ID of the email to delete None CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=
flatten_attachments boolean False False Flattens attachments to a single list None True

Example input:

{
  "account": "user@example.com",
  "deletion_method": "Hard",
  "email_id": "CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=",
  "flatten_attachments": true
}
Output
Name Type Required Description
email email False Email that has been deleted

Example output:

{
  "email": {
      "account": "user@example.com",
      "attached_emails": [],
      "attached_files": [],
      "body": "Test email",
      "flattened_attached_emails": [],
      "flattened_attached_files": [],
      "headers": [{
          "name": "Received",
          "value": ""
      }],
      "id": "AQMkAGRlNjhiMTkwLTJhMjUtNGI1ZS1hMGVlAC01MjUyZjgxZjM4Y2IARgAAAxV9OuuaYO1GuNrmyowDcygHAOrvwEx5H1ZNgslFeFvir+EAAAIBDAAAAOrvwEx5H1ZNgslFeFvir+EAAAIFaAAAAA==",
      "is_read": false,
      "sender": "user@example.com",
      "subject": "Check this out!"
  }
}

Lookup Contact by Email

This action is used to get a Users Contact Details from an email address.

Input
Name Type Default Required Description Enum Example
email_address string None True Email address to search for None user@example.com

Example input:

{
  "email_address": "user@example.com"
}
Output
Name Type Required Description
success boolean True Whether or not a user was found
user user False User details in Exchange in JSON format

Example output:

{ 
    "id" : "JF8SA8FY4HWDHS78sytywkGVBXdt755r5dry5RftGJUY",
    "first_name" : "Example",
    "last_name" : "User",
    "display_user" : "Example User"
}

Move Email

This action moves an email from one folder to another.

Input
Name Type Default Required Description Enum Example
account string None False Account to move the email on. Emails can only be moved within the account specified here. The account configured in your Connection must have Impersonation access None user@example.com
destination_folder string None True Common values are Calendar, Trash, Drafts, Inbox, Outbox, Sent, Junk, Tasks, Contacts. You can also use a completely custom value, for example python_mailing_list. Folder names are case-sensitive None Inbox
email_id string None True ID of the email to move None CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=
flatten_attachments boolean False False Flattens attachments to a single list None True

Example input:

{
  "account": "user@example.com",
  "destination_folder": "Inbox",
  "email_id": "CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=",
  "flatten_attachments": true
}
Output
Name Type Required Description
email email False Email that was moved

Example output:

{
  "email": {
      "account": "user@example.com",
      "attached_emails": [],
      "attached_files": [],
      "body": "Test email",
      "flattened_attached_emails": [],
      "flattened_attached_files": [],
      "headers": [{
          "name": "Received",
          "value": ""
      }],
      "id": "AQMkAGRlNjhiMTkwLTJhMjUtNGI1ZS1hMGVlAC01MjUyZjgxZjM4Y2IARgAAAxV9OuuaYO1GuNrmyowDcygHAOrvwEx5H1ZNgslFeFvir+EAAAIBDAAAAOrvwEx5H1ZNgslFeFvir+EAAAIFaAAAAA==",
      "is_read": false,
      "sender": "user@example.com",
      "subject": "Check this out!"
  }
}

Search Inboxes

This action is used to search account inboxes for emails using an EWS QueryString.

Input
Name Type Default Required Description Enum Example
accounts []string None True List of accounts to be searched None ['user@example.com', 'user@example.com']
all_folders boolean False True Whether or not to search all Inbox subfolders. This may increase processing time None True
flatten_attachments boolean False False Flattens attachments to a single list None True
querystring string None True EWS QueryString to used for the search. Please refer to the EWS QueryString documentation available through Microsoft for assistance if needed None from:"John Doe" AND subject:(project AND plan)

Example input:

{
  "accounts": [
    "user@example.com",
    "user@example.com"
  ],
  "all_folders": true,
  "flatten_attachments": true,
  "querystring": "from:\"John Doe\" AND subject:(project AND plan)"
}
Output
Name Type Required Description
match_count integer True Number of matches found
matches []email True Emails that match the EWS QueryString

Example output:

{
  "match_count": 1,
  "matches": [{
      "account": "user@example.com",
      "attached_emails": [],
      "attached_files": [],
      "body": "Test email",
      "flattened_attached_emails": [],
      "flattened_attached_files": [],
      "headers": [{
          "name": "Received",
          "value": ""
      }],
      "id": "AQMkAGRlNjhiMTkwLTJhMjUtNGI1ZS1hMGVlAC01MjUyZjgxZjM4Y2IARgAAAxV9OuuaYO1GuNrmyowDcygHAOrvwEx5H1ZNgslFeFvir+EAAAIBDAAAAOrvwEx5H1ZNgslFeFvir+EAAAIFaAAAAA==",
      "is_read": false,
      "sender": "user@example.com",
      "subject": "Check this out!"
  }]
}

Set Email Categories

This action sets the defined categories on an email.

Input
Name Type Default Required Description Enum Example
account string None False Account to set the email category on. The account configured in your Connection must have Impersonation access None user@example.com
categories []string None True Categories to set on the email. Existing categories on the email will be overwritten None ['Important', 'Sensitive']
email_id string None True ID of the email to set categories on None CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=

Example input:

{
  "account": "user@example.com",
  "categories": [
    "Important",
    "Sensitive"
  ],
  "email_id": "CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA="
}
Output
Name Type Required Description
success boolean True Whether or not the category set was successful

Example output:

{
  "success": true
}

Triggers

Email Received

This trigger is used to poll mailbox for new emails.

Input
Name Type Default Required Description Enum Example
flatten_attachments boolean False False Flattens attachments to a single list None False
mailbox_name string None True Common values are Calendar, Trash, Drafts, Inbox, Outbox, Sent, Junk, Tasks, Contacts. You can also use a completely custom value, for example python_mailing_list. Mailbox names are case-sensitive None Inbox
poll_interval integer 15 True How often to poll the specified mailbox for new emails, in seconds. Default value is 15 seconds None 15
subject_query string False Query to search for in subject (regex capable). Only these emails will be marked as read None Free Stuff

Example input:

{
  "flatten_attachments": false,
  "mailbox_name": "Inbox",
  "poll_interval": 15,
  "subject_query": "Free Stuff"
}
Output
Name Type Required Description
email email False Email

Example output:

{
  "email": {
      "account": "user@example.com",
      "attached_emails": [],
      "attached_files": [],
      "body": "Test email",
      "flattened_attached_emails": [],
      "flattened_attached_files": [],
      "headers": [{
          "name": "Received",
          "value": ""
      }],
      "id": "AQMkAGRlNjhiMTkwLTJhMjUtNGI1ZS1hMGVlAC01MjUyZjgxZjM4Y2IARgAAAxV9OuuaYO1GuNrmyowDcygHAOrvwEx5H1ZNgslFeFvir+EAAAIBDAAAAOrvwEx5H1ZNgslFeFvir+EAAAIFaAAAAA==",
      "is_read": false,
      "sender": "user@example.com",
      "subject": "Check this out!"
  }
}

Custom Output Types

attachment_email

Name Type Required Description
Attached Emails []object False None
Attached Files []attachment_file False None
Body string False None
Categories []string False None
Date Received date False None
Headers []header True None
ID string False None
Sender string False None
Subject string False None

attachment_file

Name Type Required Description
Content bytes False None
Content Type string False None
Name string False None

email

Name Type Required Description
Account string False Primary SMTP Address of the account for which the email was found on
Attached Emails []attachment_email False None
Attached Files []attachment_file False None
Body string False None
Categories []string False None
Date Received date False None
Flattened Attached Emails []attachment_email False None
Flattened Attached Files []attachment_file False None
Headers []header True None
ID string True None
Is Read boolean False Whether or not the email has been read
Sender string True None
Subject string False None
Name Type Required Description
Name string False None
Value string False None

user

Name Type Required Description
Display Name string False None
First Name string False None
ID string False Microsoft Exchange ID for User
Last Name string False None

Troubleshooting

  • The ID for an email changes as actions are taken on the email. Because of this, actions that return an email must have the ID of that email used for subsequent actions.

  • Shared folders are only accessible to the plugin when using a connection configured with the Exchange account that owns the shared folder.

  • Microsoft provides a tool for troubleshooting remote connectivity to Exchange service account access that can be useful in diagnosing connection issues with this plugin. The tool can be accessed here.

Version History

  • 6.1.1 - Add docs_url to plugin spec with link to plugin setup guide
  • 6.1.0 - Add Send Email action | Fix bug where impersonation could fail
  • 6.0.0 - Update exchangelib version from 1.1.12 to 3.1.1 | Expanded Exchange version support (2007 SP1, 2010 SP1, 2013 SP1, 2016, 2019) | Require SSL connections | Additional logging | Updated troubleshooting
  • 5.2.0 - Added new action Lookup User by Email
  • 5.1.2 - New spec and help.md format for the Extension Library
  • 5.1.1 - Fix issue where .eml files could be returned as a file instead of as an email
  • 5.1.0 - Update to Python 3.7 Slim SDK (plugin size reduction) | New action Delete Attachments | Improved error handling
  • 5.0.2 - Fix issue where Search Inboxes would impersonate its own account
  • 5.0.1 - Fix issue in email parsing where a crash could occur if no headers are present
  • 5.0.0 - Remove changekey input to allow for easier email plugin swapping in workflows
  • 4.0.0 - Add action: Search Inboxes | bugfix: potential for invalid ID/changekey when working with email | unify terminology | hardened code and more descriptive error logging | execute actions across impersonated accounts
  • 3.0.1 - Disable exponential backoff in connection attempts, add attached_emails and attached_files properties to email attachments
  • 3.0.0 - Overhaul message type (email headers, separated attachment types) | Support web server mode
  • 2.1.1 - Bug fix for CI tool incorrectly uploading plugins
  • 2.1.0 - Subject query search | move to v2 architecture
  • 2.0.1 - Fix delete bug, Fix flatten argument always evaluating as true
  • 2.0.0 - Deleting emails no longer iterates all email, Changekey required for action
  • 1.3.0 - Add attachments of attachments. All attachments are base64 encoded. Added more error handling.
  • 1.2.2 - SSL bug fix in SDK
  • 1.2.1 - Fix connection test so it fails when invalid credentials are used
  • 1.2.0 - Add action: Set Email Categories. Add categories as a property on the email type
  • 1.1.1 - Add input to connection: Disable SSL verification
  • 1.1.0 - Add action: Move Email
  • 1.0.0 - Overhaul of connection code and more configuration inputs to support more varied server configurations
  • 0.1.3 - New action for deleting a message
  • 0.1.2 - Add access type as input option in connection
  • 0.1.0 - Initial plugin

Links

References

plugin_spec_version: v2
extension: plugin
products: ["insightconnect"]
name: microsoft_exchange
title: Microsoft Exchange
version: 6.1.1
description: The Microsoft Exchange plugin for Rapid7 InsightConnect allows users to monitor, manage, and send emails
vendor: rapid7
support: rapid7
status: []
resources:
  vendor_url: https:/www.microsoft.com
  docs_url: https://insightconnect.help.rapid7.com/docs/microsoft-exchange
tags:
- microsoft
- exchange
- email
- calendar
hub_tags:
  use_cases: [threat_detection_and_response]
  keywords: [microsoft, exchange, email, calendar]
  features: []
language: python
types:
  header:
    name:
      type: string
      required: false
    value:
      type: string
      required: false
  attachment_file:
    name:
      type: string
      required: false
    content:
      type: bytes
      required: false
    content_type:
      type: string
      required: false
  attachment_email:
    id:
      type: string
      title: ID
      required: false
    sender:
      type: string
      required: false
    subject:
      type: string
      required: false
    body:
      type: string
      required: false
    categories:
      type: '[]string'
      required: false
    date_received:
      type: date
      required: false
    headers:
      type: '[]header'
      required: true
    attached_files:
      type: '[]attachment_file'
      required: false
    attached_emails:
      type: '[]object'
      required: false
  email:
    id:
      type: string
      title: ID
      required: true
    account:
      type: string
      title: Account
      required: false
      description: Primary SMTP Address of the account for which the email was found
        on
    is_read:
      type: boolean
      title: Is Read
      required: false
      description: Whether or not the email has been read
    sender:
      type: string
      required: true
    subject:
      type: string
      required: false
    body:
      type: string
      required: false
    attached_files:
      type: '[]attachment_file'
      required: false
    attached_emails:
      type: '[]attachment_email'
      required: false
    flattened_attached_emails:
      type: '[]attachment_email'
      required: false
    flattened_attached_files:
      type: '[]attachment_file'
      required: false
    categories:
      type: '[]string'
      required: false
    date_received:
      type: date
      required: false
    headers:
      type: '[]header'
      required: true
  user:
    id:
      title: ID
      description: Microsoft Exchange ID for User
      type: string
      required: false
    display_name:
      title: Display Name
      type: string
      required: false
    first_name:
      title: First Name
      type: string
      required: false
    last_name:
      title: Last Name
      type: string
      required: false
connection:
  user_pass:
    type: credential_username_password
    title: Username and Password
    description: Username and password for the account. Username is usually in domain\\username
      format, where domain is the name of the domain your username is connected to.
      Some servers accept usernames in PrimarySMTPAddress ('user@example.com') format.
      UPN format is also supported
    required: true
    example: '{"password": "password", "username": "user@example.com"}'
    order: 1
  primary_smtp_address:
    type: string
    title: Primary SMTP Address
    description: Primary SMTP address
    example: user@example.com
    order: 3
    required: false
  autodiscover:
    title: Autodiscover
    type: boolean
    description: Allow the plugin to auto-detect your exchange server settings. This
      can fail in certain Exchange server configurations
    default: true
    example: true
    required: true
    order: 4
  access_type:
    title: Access Type
    type: string
    enum:
    - Delegate
    - Impersonation
    default: Delegate
    example: Delegate
    required: true
    description: 'Access type to use for login. See differences between Delegate and
      Impersonation here: https://blogs.msdn.microsoft.com/exchangedev/2009/06/15/exchange-impersonation-vs-delegate-access/'
    order: 5
  verify_ssl:
    title: Verify SSL
    type: boolean
    description: Whether or not to verify SSL connection. Try setting to false if
      you are having issues connecting
    required: true
    example: true
    default: true
  server:
    title: Server
    type: string
    description: 'If autodiscover is set to false then this option must be specified.
      Example: mail.example.com or exchange.example.com/EWS/Exchange.asmx'
    order: 7
    example: mail.example.com
    required: false
  exchange_server_version:
    title: Exchange Server Version
    type: string
    description: Exchange server version. If autodiscover is set to false then this
      option must be specified
    default: ''
    example: Exchange 2016
    enum:
    - ''
    - Exchange 2007
    - Exchange 2007 SP1
    - Exchange 2010
    - Exchange 2010 SP1
    - Exchange 2010 SP2
    - Exchange 2013
    - Exchange 2013 SP1
    - Exchange 2016
    - Exchange 2019
    order: 8
    required: false
triggers:
  email_received:
    title: Email Received
    description: Poll mailbox for new emails
    input:
      mailbox_name:
        title: Mailbox Name
        type: string
        description: Common values are Calendar, Trash, Drafts, Inbox, Outbox, Sent,
          Junk, Tasks, Contacts. You can also use a completely custom value, for example
          python_mailing_list. Mailbox names are case-sensitive
        required: true
        example: Inbox
      poll_interval:
        title: Poll Interval
        type: integer
        description: How often to poll the specified mailbox for new emails, in seconds.
          Default value is 15 seconds
        default: 15
        example: 15
        required: true
      flatten_attachments:
        title: Flatten Attachments
        type: boolean
        description: Flattens attachments to a single list
        default: false
        example: false
        required: false
      subject_query:
        title: Subject Query
        type: string
        description: Query to search for in subject (regex capable). Only these emails
          will be marked as read
        default: ''
        example: Free Stuff
        required: false
    output:
      email:
        title: Email
        type: email
        required: false
        description: Email
actions:
  send_email:
    title: Send Email
    description: Send an email
    input:
      subject:
        type: string
        title: Subject
        description: Subject of the email
        required: true
        example: Hello World
      email_recipients:
        type: "[]string"
        title: Recipients
        description: Recipients for the email
        required: true
        example: ["user@example.com", "user2@example.com"]
      body:
        type: string
        title: Body
        description: Email body (HTML supported)
        required: true
        example: Test email body
    output:
      success:
        type: boolean
        title: Success
        description: True if sending the email was successful
        required: true
        example: true
  delete_email:
    title: Delete Email
    description: Deletes a specified email
    input:
      email_id:
        type: string
        title: Email ID
        description: ID of the email to delete
        example:  CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=
        required: true
      deletion_method:
        title: Deletion Method
        type: string
        description: Deletes an email. Emails can be hard deleted, soft deleted (kept
          in recoverable folder), or moved to trash
        example: Hard
        enum:
        - Hard
        - Soft
        - Trash
        required: true
      flatten_attachments:
        title: Flatten Attachments
        type: boolean
        description: Flattens attachments to a single list
        default: false
        example: true
        required: false
      account:
        title: Account
        type: string
        description: Account to delete the email from. The account configured in your
          Connection must have Impersonation access
        example: user@example.com
        required: false
    output:
      email:
        title: Email
        type: email
        required: false
        description: Email that has been deleted
  delete_attachments:
    title: Delete Attachments
    description: Delete attachments from an email
    input:
      email_id:
        type: string
        title: Email ID
        description: ID of the email to delete attachments from
        example:  CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=
        required: true
      account:
        title: Account
        type: string
        description: Account to delete the email attachments from. The account configured in your
          Connection must have Impersonation access
        example: user@example.com
        required: false
    output:
      email:
        title: Email
        type: email
        required: false
        description: Email after attachment deletion
  move_email:
    title: Move Email
    description: Moves an email from one folder to another
    input:
      email_id:
        type: string
        title: Email ID
        description: ID of the email to move
        example: CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=
        required: true
      destination_folder:
        type: string
        title: Destination Folder
        description: Common values are Calendar, Trash, Drafts, Inbox, Outbox, Sent,
          Junk, Tasks, Contacts. You can also use a completely custom value, for example
          python_mailing_list. Folder names are case-sensitive
        example: Inbox
        required: true
      flatten_attachments:
        title: Flatten Attachments
        type: boolean
        description: Flattens attachments to a single list
        default: false
        example: true
        required: false
      account:
        title: Account
        type: string
        description: Account to move the email on. Emails can only be moved within
          the account specified here. The account configured in your Connection must
          have Impersonation access
        example: user@example.com
        required: false
    output:
      email:
        title: Email
        type: email
        required: false
        description: Email that was moved
  set_email_categories:
    title: Set Email Categories
    description: Sets the defined categories on an email
    input:
      email_id:
        type: string
        title: Email ID
        description: ID of the email to set categories on
        example: CQAAABYAAADj24MSwVjtQKKoNUEMo2ttAAJOzDDn^AAMkADY5ZmEzODg5LWM2MTEtNDdkYi1hYjQ3LTQ4NWIxY2M0NDdlNgBGAAAAAABfEV9q9pQjQar+eMHWVZAPBwDj24MSwVjtQKKoNUEMo2ttAAAAAAEMAADj24MSwVjtQKKoNUEMo2ttAAJOyHftAAA=
        required: true
      categories:
        type: '[]string'
        title: Categories
        description: Categories to set on the email. Existing categories on the email
          will be overwritten
        example: ['Important', 'Sensitive']
        required: true
      account:
        type: string
        description: Account to set the email category on. The account configured
          in your Connection must have Impersonation access
        example: user@example.com
        required: false
        title: Account
    output:
      success:
        title: Success
        type: boolean
        required: true
        description: Whether or not the category set was successful
  search_inboxes:
    title: Search Inboxes
    description: Search account inboxes for emails using an EWS QueryString
    input:
      accounts:
        type: '[]string'
        title: Accounts
        required: true
        description: List of accounts to be searched
        example: ['user@example.com', 'user@example.com']
      querystring:
        type: string
        title: EWS QueryString
        required: true
        description: EWS QueryString to used for the search. Please refer to the EWS
          QueryString documentation available through Microsoft for assistance if
          needed
        example: 'from:"John Doe" AND subject:(project AND plan)'
      all_folders:
        type: boolean
        title: Search All Folders
        description: Whether or not to search all Inbox subfolders. This may increase
          processing time
        required: true
        example: true
        default: false
      flatten_attachments:
        title: Flatten Attachments
        type: boolean
        description: Flattens attachments to a single list
        default: false
        example: true
        required: false
    output:
      match_count:
        type: integer
        title: Match Count
        description: Number of matches found
        required: true
      matches:
        type: '[]email'
        title: Matches
        description: Emails that match the EWS QueryString
        required: true
  lookup_contact_by_email:
    title: Lookup Contact by Email
    description: Get a Users Contact Details from an email address
    input:
      email_address:
        type: string
        title: Email Address
        description: Email address to search for
        example: user@example.com
        required: true
    output:
      success:
        title: Success
        type: boolean
        required: true
        description: Whether or not a user was found
      user:
        title: User
        type: user
        required: false
        description: User details in Exchange in JSON format
Other plugins
McAfee Advanced Threat Defense
Rapid7   |   v1.5.0
Plugin
Get
Ivanti Security Controls
Rapid7   |   v1.3.0
Plugin
Get
Base64
Rapid7   |   v1.1.5
Plugin
Get
Fortinet FortiGate
Rapid7   |   v4.0.2
Plugin
Get
Jira
Rapid7   |   v6.0.0
Plugin
Get