Automate Email Incident Response with Armorblox in Cortex XSOAR

Feb 15, 2022
2 minutes
... views

The unending torrent of threats has created an environment where spear phishing attacks and other business email compromises happen daily. To combat this, many organizations have implemented security awareness training and user reporting; however, this can be to the detriment of the SOC. Repetitive tasks like checking similar suspicious emails across mailboxes, inspecting headers and metadata, and quarantining offending emails end up being a huge but necessary time sink. To prevent alert fatigue and ensure analysts have enough time for other tasks, it is crucial for security teams to implement automation alongside awareness training and reporting.

To overcome this problem, Armorblox and Cortex XSOAR are excited to share that the new Armorblox content pack for automated email protection is now available within the Cortex XSOAR Marketplace. This content pack provides customers with ML based natural language understanding (NLU) to automate incident response and playbooks that can span across network, endpoint, cloud and email security. The pre-built pack provides immediate value for security teams to prevent sophisticated threats including business email compromise, email account takeover and email data loss prevention. Security teams can utilize these functions with a single click installation and connect to the network in minutes over API.

Let’s take a look at why this is so important for your security program:

Together, Armorblox and Cortex XSOAR enable your security and IT teams to automate email threat prevention, monitoring, and triage to improve your security posture and accelerate incident response. Additionally, the Armorblox content pack enables you to:

  • Automate response actions with predetermined policies to increase resiliency against targeted email attacks.
  • Bring email threat intelligence to XSOAR playbooks that span across network, endpoint, cloud, and other security tools.
  • Detect and prevent phishing attacks based on user & behavioral analytics and natural language understanding. 
  • Prevent accidental or malicious loss of sensitive data and gain visibility into compliance violations.
  • Automate forward-looking remediation actions on identified threat types across all user mailboxes. 

Learn More

Build out your security program with the Armorblox content pack now available on the Cortex XSOAR Marketplace. Look up prebuilt integrations for your top security tools with over 830 content packs available for Cortex XSOAR, the market’s leading SOAR platform. 

Don’t have Cortex XSOAR? Download the Community Edition to get started. 

Learn more about Armorblox at and check out the content pack here.

Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.