PerceptionPoint

Use the Perception Point integration to resend falsely quarantined emails.

Get your Perception Point API token

To get an API token, contact PerceptionPoint support.

API token use cases

To set the number of results to return, specify the parameter "Number of API loops". Each loop returns a maximum of 20 items.

  • View and manage your incidents list. This list will be updated automatically in the Incidents dashboard.
  • Release emails from quarantine and resend them to their recipients, by passing the scan ID as an argument.

Configure PerceptionPoint on Demisto

  1. Navigate to Settings > Integrations > Servers & Services .
  2. Search for Perception Point.
  3. Click Add instance to create and configure a new integration instance.
    • Name : a textual name for the integration instance.
    • Token to use Perception Point's API
    • No. of API loops
    • Fetch incidents
    • Fetch blocked incidents
    • Fetch spam incidents
    • Fetch malicious incidents
    • Incident type
    • Trust any certificate (insecure)
    • Use system proxy
  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Resend a falsely quarantined email: pp-release-email

1. Resend a falsely quarantined email


Resends an email that was falsely quarantined, using the scan ID.

Base Command

pp-release-email

Input
Argument Name Description Required
scan_id The PP scan ID of the email. Required

Context Output
Path Type Description
PP.Released number The scan ID of the released email.

Command Example
pp-release-email scan_id="80052041"
Context Example
{
    "PP.Released": "80052041"
}
Human Readable Output

Email with id 80052041 was released Successfully!