EWS rule commands - MS graph python integrations

Packs/ApiModules/Scripts/MicrosoftGraphMailApiModule/MicrosoftGraphMailApiModule.py

@@ -931,6 +931,22 @@ def body_extractor(email, parsed_email):
 
         return incident
 
+    def message_rules_action(self, action, user_id=None, rule_id=None, limit=50):
+        """
+        get/delete message rule action
+        """
+        if action != "DELETE":
+            return_empty_response = False
+            params = {'$top': limit}
+        else:
+            return_empty_response = True
+            params = {}
+            if rule_id is None:
+                raise ValueError("rule_id is required in order to delete the rule")
+
+        url = f"{f'/users/{user_id}' if user_id else '/me'}/mailFolders/inbox/messageRules{f'/{rule_id}' if rule_id else ''}"
+        return self.http_request(action.upper(), url, return_empty_response=return_empty_response, params=params)
+
 
 # HELPER FUNCTIONS
 class GraphMailUtils:
@@ -1980,3 +1996,29 @@ def send_email_command(client: MsGraphMailBaseClient, args):
             raw_response=prepared_args['body'],
         ))
     return results
+
+
+def list_rule_action_command(client: MsGraphMailBaseClient, args) -> CommandResults | dict:
+    rule_id = args.get('rule_id')
+    user_id = args.get('user_id')
+    limit = args.get('limit', 50)
+    hr_headers = ['id', 'displayName', 'isEnabled']
+    hr_title_parts = [f'!{demisto.command()}', user_id if user_id else '', f'for {rule_id=}' if rule_id else 'rules']
+    if rule_id:
+        hr_headers.extend(['conditions', 'actions'])
+    result = client.message_rules_action('GET', user_id=user_id, rule_id=rule_id, limit=limit)
+    result.pop('@odata.context', None)
+    outputs = [result] if rule_id else result.get('value', [])
+
+    return CommandResults(
+        outputs_prefix='MSGraphMail.Rule', outputs=outputs,
+        readable_output=tableToMarkdown(' '.join(hr_title_parts), outputs, headers=hr_headers,
+                                        headerTransform=pascalToSpace)
+    )
+
+
+def delete_rule_command(client: MsGraphMailBaseClient, args) -> str:
+    rule_id = args.get('rule_id')
+    user_id = args.get('user_id')
+    client.message_rules_action('DELETE', user_id=user_id, rule_id=rule_id)
+    return f"Rule {rule_id} deleted{f' for user {user_id}' if user_id else ''}."

Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphListener/MicrosoftGraphListener.py

@@ -222,6 +222,11 @@ def main():     # pragma: no cover
             return_results(send_email_command(client, args))
         elif command == 'msgraph-mail-generate-login-url':
             return_results(generate_login_url(client))
+        elif command in ['msgraph-mail-get-rule', 'msgraph-mail-list-rules']:
+            return_results(list_rule_action_command(client, args))
+        elif command == 'msgraph-mail-delete-rule':
+            return_results(delete_rule_command(client, args))
+
     except Exception as e:
         return_error(str(e))
 

Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphListener/MicrosoftGraphListener.yml

@@ -822,7 +822,7 @@ script:
       name: parent_folder_id
       required: true
     - defaultValue: '20'
-      description: The maximum number of mail folder lists to return. 
+      description: The maximum number of mail folder lists to return.
       name: limit
     - description: Flag for the rate limit retry.
       name: ran_once_flag
@@ -847,7 +847,82 @@ script:
     - contextPath: MSGraphMail.Folders.UnreadItemCount
       description: The number of unread email messages in the folder.
       type: Number
-  dockerimage: demisto/crypto:1.0.0.79610
+  - arguments:
+    - description: Maximum number of results to return.
+      name: limit
+      required: true
+      defaultValue: 50
+    description: List email rules for a user's mailbox using Microsoft Graph API.
+    name: msgraph-mail-list-rules
+    outputs:
+    - contextPath: MSGraphMail.Rule.conditions
+      description: Conditions that when fulfilled, will trigger the corresponding actions for that rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.actions
+      description: Actions to be taken on a message when the corresponding conditions are fulfilled.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.displayName
+      description: The display name of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.exceptions
+      description: Exception conditions for the rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.hasError
+      description: Indicates whether the rule is in an error condition.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.id
+      description: The ID of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.isEnabled
+      description: Indicates whether the rule is enabled to be applied to messages.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.isReadOnly
+      description: Indicates if the rule is read-only and cannot be modified or deleted by the rules REST API.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.sequence
+      description: Indicates the order in which the rule is executed, among other rules.
+      type: Number
+  - arguments:
+    - description: The ID of the rule to retrieve.
+      name: rule_id
+      required: true
+    description: Get details of a specific email rule by ID for a user's mailbox using Microsoft Graph API.
+    name: msgraph-mail-get-rule
+    outputs:
+    - contextPath: MSGraphMail.Rule.conditions
+      description: Conditions that when fulfilled, will trigger the corresponding actions for that rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.actions
+      description: Actions to be taken on a message when the corresponding conditions are fulfilled.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.displayName
+      description: The display name of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.exceptions
+      description: Exception conditions for the rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.hasError
+      description: Indicates whether the rule is in an error condition.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.id
+      description: The ID of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.isEnabled
+      description: Indicates whether the rule is enabled to be applied to messages.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.isReadOnly
+      description: Indicates if the rule is read-only and cannot be modified or deleted by the rules REST API.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.sequence
+      description: Indicates the order in which the rule is executed, among other rules.
+      type: Number
+  - arguments:
+    - description: The ID of the rule to delete.
+      name: rule_id
+      required: true
+    description: Delete a specific email rule by ID for a user's mailbox using Microsoft Graph API.
+    name: msgraph-mail-delete-rule
+  dockerimage: demisto/crypto:1.0.0.80694
   isfetch: true
   script: ''
   type: python

Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphListener/README.md

@@ -31,6 +31,7 @@ The following permissions are required for all commands:
 - Mail.ReadWrite - Delegated
 - Mail.Send - Delegated
 - User.Read - Delegated 
+- MailboxSettings.ReadWrite - Delegated 
 
 ## Configure Microsoft Graph Mail Single User on Cortex XSOAR
 
@@ -596,3 +597,77 @@ Returns the folder list under the specified folder.
 | MSGraphMail.Folders.ParentFolderID | String | The parent folder ID. | 
 | MSGraphMail.Folders.TotalItemCount | Number | The total number of email messages in the folder. | 
 | MSGraphMail.Folders.UnreadItemCount | Number | The number of unread email messages in the folder. | 
+### msgraph-mail-list-rules
+
+***
+List email rules for a user's mailbox using Microsoft Graph API.
+
+#### Base Command
+
+`msgraph-mail-list-rules`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| limit | Maximum number of results to return. Default is 50. | Required | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| MSGraphMail.Rule.conditions | Unknown | Conditions that when fulfilled, will trigger the corresponding actions for that rule. | 
+| MSGraphMail.Rule.actions | Unknown | Actions to be taken on a message when the corresponding conditions are fulfilled. | 
+| MSGraphMail.Rule.displayName | String | The display name of the rule. | 
+| MSGraphMail.Rule.exceptions | Unknown | Exception conditions for the rule. | 
+| MSGraphMail.Rule.hasError | Boolean | Indicates whether the rule is in an error condition. | 
+| MSGraphMail.Rule.id | String | The ID of the rule. | 
+| MSGraphMail.Rule.isEnabled | Boolean | Indicates whether the rule is enabled to be applied to messages. | 
+| MSGraphMail.Rule.isReadOnly | Boolean | Indicates if the rule is read-only and cannot be modified or deleted by the rules REST API. | 
+| MSGraphMail.Rule.sequence | Number | Indicates the order in which the rule is executed, among other rules. | 
+### msgraph-mail-get-rule
+
+***
+Get details of a specific email rule by ID for a user's mailbox using Microsoft Graph API.
+
+#### Base Command
+
+`msgraph-mail-get-rule`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| rule_id | The ID of the rule to retrieve. | Required | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| MSGraphMail.Rule.conditions | Unknown | Conditions that when fulfilled, will trigger the corresponding actions for that rule. | 
+| MSGraphMail.Rule.actions | Unknown | Actions to be taken on a message when the corresponding conditions are fulfilled. | 
+| MSGraphMail.Rule.displayName | String | The display name of the rule. | 
+| MSGraphMail.Rule.exceptions | Unknown | Exception conditions for the rule. | 
+| MSGraphMail.Rule.hasError | Boolean | Indicates whether the rule is in an error condition. | 
+| MSGraphMail.Rule.id | String | The ID of the rule. | 
+| MSGraphMail.Rule.isEnabled | Boolean | Indicates whether the rule is enabled to be applied to messages. | 
+| MSGraphMail.Rule.isReadOnly | Boolean | Indicates if the rule is read-only and cannot be modified or deleted by the rules REST API. | 
+| MSGraphMail.Rule.sequence | Number | Indicates the order in which the rule is executed, among other rules. | 
+### msgraph-mail-delete-rule
+
+***
+Delete a specific email rule by ID for a user's mailbox using Microsoft Graph API.
+
+#### Base Command
+
+`msgraph-mail-delete-rule`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| rule_id | The ID of the rule to delete. | Required | 
+
+#### Context Output
+
+There is no context output for this command.

Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphMail/MicrosoftGraphMail.py

@@ -231,6 +231,10 @@ def main():  # pragma: no cover
             return_results(send_email_command(client, args))
         elif command == 'msgraph-mail-auth-reset':
             return_results(reset_auth())
+        elif command in ['msgraph-mail-get-rule', 'msgraph-mail-list-rules']:
+            return_results(list_rule_action_command(client, args))
+        elif command == 'msgraph-mail-delete-rule':
+            return_results(delete_rule_command(client, args))
 
     # Log exceptions
     except Exception as e:

Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphMail/MicrosoftGraphMail.yml

@@ -1054,6 +1054,93 @@ script:
   - description: Run this command if for some reason you need to rerun the authentication process.
     name: msgraph-mail-auth-reset
     arguments: []
+  - arguments:
+    - description: User ID or principal ID (usually an email address in the format someuser@example.com).
+      isArray: false
+      name: user_id
+      required: true
+    - description: Maximum number of results to return.
+      name: limit
+      required: true
+      defaultValue: 50
+    description: List email rules for a user's mailbox using Microsoft Graph API.
+    name: msgraph-mail-list-rules
+    outputs:
+    - contextPath: MSGraphMail.Rule.conditions
+      description: Conditions that when fulfilled, will trigger the corresponding actions for that rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.actions
+      description: Actions to be taken on a message when the corresponding conditions are fulfilled.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.displayName
+      description: The display name of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.exceptions
+      description: Exception conditions for the rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.hasError
+      description: Indicates whether the rule is in an error condition.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.id
+      description: The ID of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.isEnabled
+      description: Indicates whether the rule is enabled to be applied to messages.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.isReadOnly
+      description: Indicates if the rule is read-only and cannot be modified or deleted by the rules REST API.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.sequence
+      description: Indicates the order in which the rule is executed, among other rules.
+      type: Number
+  - arguments:
+    - description: User ID or principal ID (usually an email address in the format someuser@example.com).
+      isArray: false
+      name: user_id
+      required: true
+    - description: The ID of the rule to retrieve.
+      name: rule_id
+      required: true
+    description: Get details of a specific email rule by ID for a user's mailbox using Microsoft Graph API.
+    name: msgraph-mail-get-rule
+    outputs:
+    - contextPath: MSGraphMail.Rule.conditions
+      description: Conditions that when fulfilled, will trigger the corresponding actions for that rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.actions
+      description: Actions to be taken on a message when the corresponding conditions are fulfilled.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.displayName
+      description: The display name of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.exceptions
+      description: Exception conditions for the rule.
+      type: Unknown
+    - contextPath: MSGraphMail.Rule.hasError
+      description: Indicates whether the rule is in an error condition.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.id
+      description: The ID of the rule.
+      type: String
+    - contextPath: MSGraphMail.Rule.isEnabled
+      description: Indicates whether the rule is enabled to be applied to messages.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.isReadOnly
+      description: Indicates if the rule is read-only and cannot be modified or deleted by the rules REST API.
+      type: Boolean
+    - contextPath: MSGraphMail.Rule.sequence
+      description: Indicates the order in which the rule is executed, among other rules.
+      type: Number
+  - arguments:
+    - description: User ID or principal ID (usually an email address in the format someuser@example.com).
+      isArray: false
+      name: user_id
+      required: true
+    - description: The ID of the rule to delete.
+      name: rule_id
+      required: true
+    description: Delete a specific email rule by ID for a user's mailbox using Microsoft Graph API.
+    name: msgraph-mail-delete-rule
   dockerimage: demisto/crypto:1.0.0.80694
   isfetch: true
   runonce: false

Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphMail/MicrosoftGraphMail_description.md

@@ -39,19 +39,5 @@ Using a national cloud endpoint is supported by setting the **Server URL** param
 See [Microsoft Integrations - Using National Cloud](https://xsoar.pan.dev/docs/reference/articles/microsoft-integrations---authentication#using-national-cloud) for more information.
 
 
-Important to know:
-New commands were added to the integration, which require different application permissions:
-- ***msgraph-mail-create-draft***
-- ***msgraph-mail-send-draft***
-- ***msgraph-mail-reply-to***
-- ***send-mail***
-
 ## Lookback Parameter Notes
 * Setting the lookback parameter will fetch duplicated incidents in the event that incidents that fall out during the given look-back time were already fetched.
-
-
-To use these commands and to fetch incidents,
-you will need to add to your application the **Mail.Send application** permission (not delegated),
-and re-authorize your integration's instance.
-
-If you do not wish to use these commands, you may keep your integration credentials the same.