Automated response actions through the Cortex Advanced Email Security module improve efficiency and reduce noise.
The lightweight, real-time response engine inside the Advanced Email Security module executes automatic policy-driven actions to quickly respond to email threats before they manifest. Build your policy from the rules you configure by customizing the out-of-the-box templates.
Define the rules for your email security policy in Email Remediation Response Rules, located in → → → .
Review all the remediation actions initiated by your policy in the Email Remediation Action Center, located in → → → .
The automated email response engine provides the following advantages:
Accelerated response: Execution of time-sensitive email response actions directly within the application interface, significantly reducing response latency.
Unified audit and visibility: A single source of truth for all response activities. Every email action, whether through the engine or through playbooks, is seamlessly logged and fully auditable.
Optimized analyst workflow: Improved SOC analyst efficiency through intuitive controls and a zero-switch environment, so investigations move quickly and without interruption.
The email response engine supports the following actions:
Soft delete email
Undelete Email
Report as phishing
Send warning email
Move Email to Folder
Mark as Safe
Mark as Malicious
Note: For extra automated actions, use the playbooks, scripts, and commands in the Cortex XSIAM automation engine. For more information, see Automation in Cortex XDR.