Console

Send and respond to an email from Google SecOps SOAR

Supported in:

Google secops SOAR

This document describes how to incorporate interactive email correspondence into your security automation workflows. Using the built-in email actions, you can send outbound emails from the Google SecOps SOAR platform and automatically track, ingest, and log user responses directly to the case, making sure all communication and user input are recorded for further playbook processing.

Before you begin

Before you begin, you'll need to enable email capabilities, which requires you to install one of these integrations:

Microsoft Graph Mail–Use for Exchange Online.
Gmail–Use for Gmail accounts.

Send an email

To send an email and log its response in Google SecOps SOAR, follow these steps:

Select the Send Mail action to send an email.
Add the Wait For Mail From User action to periodically query the mailbox for a response. This action identifies the correspondence by using a unique ID.

Once the response is received, it's fetched into the platform.

The response can be seen on the case wall and used as an input for other actions in the playbook.

Need more help? Get answers from Community members and Google SecOps professionals.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-09-21 UTC.