Exchange 2016 Compliance Search

Use this integration to run and manage compliance searches on your Exchange 2016 Server.

This integration was integrated and tested with Exchange 2016 Server.

Use Cases

Exchange Server 2016 Compliance Search enables you to search for and delete an email message from all mailboxes in your organization. There are no limits to the number of target mailboxes in a single search.

Prerequisite

Install Demisto Engine

  • Demisto Engine must be installed on a target Windows machine that is part of the domain of your Exchange 2016 server.
  • Make sure you have Python 2.7 installed on the Engine machine.
  • Add the necessary Python libraries to the Engine machine:
    https://github.com/demisto/content/blob/master/requirements.txt
    Run the pip install --no-cache-dir -r requirements.txt command.
  • Make sure the integration runs without a Docker image.
  • For more information about installing and deploying Demisto Engines, see the Demisto Engines Documentation.

Permissions
The user that you configure for the integration instance requires the Compliance Management role to run the integration commands. For more information, see the Microsoft Documentation.

Configure Exchange 2016 Compliance Search on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Exchange 2016 Compliance Search.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • DOMAIN\USERNAME (e.g., DEMISTO.INT\admin)
    • Exchange Server fully qualified domain name (FQDN)
    • Use single engine: the engine on which to run the integration.
    • Note: the integration requires an engine; there is no option to run it without one.
    • Trust any certificate (not secure)
  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Start a compliance search: exchange2016-start-compliance-search
  2. Get the results and status of a compliance search: exchange2016-get-compliance-search
  3. Remove a compliance search: exchange2016-remove-compliance-search
  4. Purge the results of a compliance search: exchange2016-purge-compliance-search-results
  5. Get the status of a purge operation: exchange2016-get-compliance-search-purge-status
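The five commands form one lifecycle: start the search, poll it until it completes, purge the results, poll the purge, then remove the search. The Python helper below is an added example, not the integration's own code: it chains the commands through an injected run_command callable (inside a Demisto automation this would be demisto.executeCommand), and the Completed and Failed terminal statuses as well as the fake_exchange stand-in are assumptions, since this page only shows the Starting, InProgress, Purging and Removed statuses.

```python
# Added example, not integration code: chain the five commands into one
# search -> poll -> purge -> poll -> remove lifecycle. run_command is injected so
# this runs offline and on Python 2.7 or 3; in Demisto it is demisto.executeCommand.
import time

START = "exchange2016-start-compliance-search"
GET = "exchange2016-get-compliance-search"
REMOVE = "exchange2016-remove-compliance-search"
PURGE = "exchange2016-purge-compliance-search-results"
PURGE_STATUS = "exchange2016-get-compliance-search-purge-status"
DONE, FAILED = "Completed", "Failed"  # assumed terminal statuses, not shown on this page

def status_of(ctx):
    """Read EWS.ComplianceSearch.Status from a context dict shaped as on this page."""
    return ctx.get("EWS", {}).get("ComplianceSearch", {}).get("Status")

def wait_until_done(run_command, command, name, max_polls=30, delay=0):
    """Poll a status command until it reports Completed; raise on Failed or timeout."""
    for _ in range(max_polls):
        status = status_of(run_command(command, {"search-name": name}))
        if status == DONE:
            return status
        if status == FAILED:
            raise RuntimeError("{} reported {} for {}".format(command, status, name))
        time.sleep(delay)
    raise RuntimeError("{} not complete after {} polls".format(command, max_polls))

def search_and_purge(run_command, query, max_polls=30, delay=0):
    """Full lifecycle; the search is removed even if the purge fails, so finished searches do not pile up."""
    name = run_command(START, {"query": query})["EWS"]["ComplianceSearch"]["Name"]
    try:
        wait_until_done(run_command, GET, name, max_polls, delay)
        run_command(PURGE, {"search-name": name})
        wait_until_done(run_command, PURGE_STATUS, name, max_polls, delay)
    finally:
        run_command(REMOVE, {"search-name": name})
    return name

def fake_exchange(search_states, purge_states):
    """Constructed offline stand-in: replays status sequences in the page's context shape and records calls."""
    seq = {GET: list(search_states), PURGE_STATUS: list(purge_states)}
    fixed = {START: "Starting", PURGE: "Purging", REMOVE: "Removed"}
    calls = []
    def run_command(command, args):
        calls.append(command)
        states = seq.get(command)
        status = fixed.get(command) or (states.pop(0) if len(states) > 1 else states[0])
        return {"EWS": {"ComplianceSearch": {"Name": "DemistoSearch-constructed-0001", "Status": status}}}
    run_command.calls = calls
    return run_command
```

Because the search name is generated server-side, the helper reads it back from EWS.ComplianceSearch.Name rather than passing one in, and the finally block guarantees the remove step runs on the failure and timeout paths too.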

1. Start a compliance search

Initiates a compliance search.

Base Command

exchange2016-start-compliance-search

Input
Argument Name    Description                        Required
query            Query for finding mail messages    Required

Context Output
Path                           Type      Description
EWS.ComplianceSearch.Name      string    The name of the compliance search
EWS.ComplianceSearch.Status    string    The status of the compliance search

Command Example
exchange2016-start-compliance-search query="subject:\"Email to be searched and deleted\""
  
Context Example
{
    "EWS": {
        "ComplianceSearch": {
            "Status": "Starting", 
            "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
        }
    }
}
Human Readable Output

(screenshot omitted)


2. Get the results and status of a compliance search

Gets the status and results of a compliance search.

Base Command

exchange2016-get-compliance-search

Input
Argument Name    Description                       Required
search-name      Name of the compliance search     Required

Context Output
Path                           Type      Description
EWS.ComplianceSearch.Status    string    The status of the compliance search

Command Example
exchange2016-get-compliance-search search-name=DemistoSearch939b54bcd2bb4848bb0885dc4071d366
  
Context Example
{
    "EWS": {
        "ComplianceSearch": {
            "Status": "InProgress", 
            "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
        }
    }
}
Human Readable Output

(screenshot omitted)


3. Remove a compliance search

Removes the compliance search from the Exchange Server.

Base Command

exchange2016-remove-compliance-search

Input
Argument Name    Description                       Required
search-name      Name of the compliance search     Required

Context Output
Path                           Type      Description
EWS.ComplianceSearch.Status    string    The status of the compliance search

Command Example
exchange2016-remove-compliance-search search-name="DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
  
Context Example
{
    "EWS": {
        "ComplianceSearch": {
            "Status": "Removed", 
            "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
        }
    }
}
Human Readable Output

(screenshot omitted)


4. Purge the results of a compliance search

Purges the results found during the compliance search.

Base Command

exchange2016-purge-compliance-search-results

Input
Argument Name    Description                       Required
search-name      Name of the compliance search     Required

Context Output

There is no context output for this command.

Command Example
exchange2016-purge-compliance-search-results search-name="DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
  
Context Example
{
    "EWS": {
        "ComplianceSearch": {
            "Status": "Purging", 
            "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
        }
    }
}
Human Readable Output

(screenshot omitted)

5. Get the status of a purge operation

Checks the status of the purge operation on the compliance search.

Base Command

exchange2016-get-compliance-search-purge-status

Input
Argument Name    Description                       Required
search-name      Name of the compliance search     Required

Context Output

There is no context output for this command.

Command Example
exchange2016-get-compliance-search-purge-status search-name="DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
  
Context Example
{
    "EWS": {
        "ComplianceSearch": {
            "Status": "Purging", 
            "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
        }
    }
}
Human Readable Output

(screenshot omitted)