SOAR Approval

For the requests coming through SOAR to function properly after approval, the SOAR integration must be correctly implemented into the application. You can access this page for the SOAR integration.
For requests to appear in SOAR Approval, the user or admin must first submit a SOAR request from the reported e-mails section. The SOAR part appears at the very bottom after clicking on the reported email.

From the previous tab you can view & edit the following:

  1. Domain of the person sending the SOAR Approval is displayed in the Approval section.
  2. IP address of the person sending the SOAR Approval is displayed in the Approval section.
  3. Specify until which date the SOAR Approval will be valid.
  4. Data for the action to be seen in SOAR Approval is sent.
  5. You can select which Domains from the email will be sent to SOAR Approval.
  6. You can select which IP addresses from the email will be sent to SOAR Approval.
  7. You can select which URLs from the email will be sent to SOAR Approval.
  8. You can select which Hashes from the email will be sent to SOAR Approval.
  9. You can add external notes within the SOAR Approval.

Afterward, when you click the process button, the SOAR Approval will appear in the SOAR Approval tab for the administrator of the application.

 

SOAR Approval Page

In this section, you can view incoming SOAR Approvals, approve or reject them if you are an administrator, or learn the details about the approval.

From here you can view the following:

  1. You can view the status of the incoming approval.
  2. Approved shows that the request has been approved by the administrator.
  3. Pending indicates that the request is in a waiting stage.
  4. Rejected indicates that the request has been rejected.
  5. From which email the approval was sent.
  6. Which SOAR resource the approval was sent.
  7. The date the approval was sent.
  8. The details of the approval.

 

From here you can view the following:

  1. The email address of the person who reported the email.
  2. The subject of the email.
  3. The email of the person who sent the SOAR Approval.
  4. The domains sent for SOAR Approval.
  5. The IP addresses sent for SOAR Approval.
  6. The hashes sent for SOAR Approval.
  7. You can approve or reject the incoming approval.

Process Section

After the SOAR Approval request is approved, if you go to the SOAR section at the bottom of the email, you will find the Processes section where you can view all the SOAR Approvals that have been made for that email so far.

From here you can view the following:

  1. The request was processed on the SOAR side is displayed.
  2. The author is displayed.
  3. The SOAR service is being used is displayed.
  4. The data being used is displayed (Domains, IP Addresses, Hashes, etc.).
  5. The status of the request sent to the SOAR service is displayed.
  6. The action taken by the SOAR service is displayed.