
Hello team,

We are looking to enhance our phishing response process using our SOAR platform. Currently, when users report potential phishing emails, the alerts are generated with the suspicious email included as a .eml attachment.

Our goal is to create a fully automated, end-to-end triage playbook.

Hi, 

You could use a lot of integrations to achieve this task!

For example, the PowerUps integration EmailUtilities (Email Utilities | Google Security Operations | Google Cloud), which contains the “Parse Case Wall Email” action that parses the email contained in the case wall activities, or you could configure and integrate the Microsoft Graph Mail integration (Integrate Microsoft Graph Mail with Google SecOps | Google Security Operations | Google Cloud) or the EmailV2 integration (Email V2 | Google Security Operations | Google Cloud).

There are a lot of possible solutions; all of them depend on your goals and technologies.


Thanks @bsalvatore. We do not use Microsoft for our email setup. It requires us to key in some configuration parameters which we do not have. However, I found out that this Vertex AI integration could also be of help in this case. I am trying both EmailV2 and Vertex; let’s see which one works best.

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/vertex-ai


Hi @devashishsingh, as @bsalvatore already mentioned, there are many options. You can also consider creating your own action and integrating the SecOps MCP to level up your automated response. Here you can find a series of useful videos on the topic:

On top of that, you can find some inspiration within this thread.
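For the "create your own action" route mentioned in this thread, the parsing step for a reported .eml could look like the following added example (not code from any poster or from the Google SecOps integrations). It uses only Python's standard library; `triage_eml`, `_domains` and `SAMPLE_EML` are hypothetical names, the sample message is constructed, and wiring the result into a SOAR action is assumed to happen elsewhere.

```python
import hashlib
import re
from email import message_from_bytes, policy

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
# Constructed sample of a user-reported message (illustrative values only).
SAMPLE_EML = b"""\
Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@example.net
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<a href="http://login.example.net/reset?id=1">Reset now</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

def _domains(msg, header):
    hdr = msg[header]
    return {a.domain.lower() for a in hdr.addresses} if hdr else set()

def triage_eml(raw: bytes) -> dict:
    """Extract the fields a phishing playbook usually branches on."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Only trust Authentication-Results stamped by your own receiving MTA.
    auth_hdrs = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    urls, attachments = set(), []
    for part in msg.walk():
        if part.is_attachment():
            data = part.get_payload(decode=True) or b""
            attachments.append((part.get_filename(), hashlib.sha256(data).hexdigest()))
        elif part.get_content_maintype() == "text":
            urls.update(URL_RE.findall(part.get_content()))
    from_d, reply_d = _domains(msg, "From"), _domains(msg, "Reply-To")
    return {
        "reply_to_mismatch": bool(reply_d) and not reply_d <= from_d,
        "auth": {k.lower(): v.lower() for k, v in AUTH_RE.findall(auth_hdrs)},
        "urls": sorted(urls),
        "attachments": attachments,
    }
```

The returned URLs and attachment hashes are the values a playbook would then pass to its enrichment and reputation steps.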