AgentSOC Mail Block
Connect the AgentSOC managed phishing blocklist so AgentSOAR can block inbound email from a malicious sender domain. This is a managed integration — there is no third-party cloud console to configure, just a single bearer token issued by the blocklist service.
What this enables
This credential powers one AgentSOAR response capability via the AgentSOC managed phishing blocklist:
| Capability | What it does | How |
|---|---|---|
block_email_domain | Blocks inbound mail from a malicious sender domain | AgentSOC managed phishing blocklist |
Because the blocklist is managed, this is the fastest way to get domain-level mail blocking without standing up a tenant-specific Microsoft 365 or Google Workspace credential.
Prerequisites
- A bearer token issued by the AgentSOC managed blocklist service (see Step 1).
- For self-hosted deployments, the platform's
PHISHING_BLOCKLIST_URLenvironment variable must point at a reachable blocklist service. - Access to AgentSOAR → Settings → Credentials (
/agentsoar/settings/credentials).
How the connection works
AgentSOC Mail Block is a managed integration — it talks to the AgentSOC phishing blocklist service, so there is no third-party cloud console to configure. Authentication is a single bearer token issued by that service. One value goes into the credential form:
| Value | What it is |
|---|---|
| Token | A bearer token issued by the AgentSOC blocklist service |
The blocklist service endpoint itself is configured on the platform (the
PHISHING_BLOCKLIST_URL environment variable) and is not entered here.
Step 1 — Obtain a blocklist token
The token is issued by the AgentSOC managed blocklist service, not by an external provider.
- If your deployment is operated by AgentSOC, request a blocklist token from your AgentSOC contact or support.
- If you self-host the blocklist service, issue a token from that service following its own documentation.
Step 2 — Add the credential in AgentSOAR and validate
- In AgentSOAR, open Settings → Credentials (
/agentsoar/settings/credentials). - Add an AgentSOC Mail Block credential and paste the Token from Step 1.
- Save. AgentSOAR validates the token against the blocklist service.
- Once it shows Healthy, the mail-block action is ready to use.
Troubleshooting
| Error | Likely cause and fix |
|---|---|
AgentSOC blocklist rejected the token (401/403) | The token is wrong, expired, or revoked. Request a new token. |
Network error reaching AgentSOC blocklist | The blocklist service is unreachable. Confirm the platform's PHISHING_BLOCKLIST_URL is set correctly and the service is up. |
AgentSOC blocklist returned 5xx | The blocklist service is failing. Retry shortly, or contact your AgentSOC administrator. |
Reference: Contact your AgentSOC administrator for blocklist service access.