topic Read Email Body in Cortex XSOAR Discussions

Read Email Body

axespera — Thu, 10 Nov 2022 22:26:45 GMT

I am trying to write a playbook that will read the email body and understand what the email is related to base on keywords or patterns. Is there a script or integration that could do that? My best idea is to use Machine Learning for it, but I am not sure it will work. Thank you

Re: Read Email Body

jfernandes1 — Fri, 11 Nov 2022 01:58:44 GMT

Hi @axespera, the ML model for email body analysis works best if there is existing classified content for it to learn from. Refer - https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-admin/machine-learing-models/phishing-classifier-demo/dbotpredictoutofthebox-examples#id605dcf55-5101-493b-810e-1cc3966ff82c, to see how it works once configured correctly.

If you want to do this without ML. I have previously done this with the help of a tags fields and playbook. The playbook checked the emails body for a list of keyword matches. Ex. if it contained un-subscribe the playbook would add "newsletter" to the tags fields. We had conditional check for multiple keywords with tags added for promotional, offer, financial, credential and newsletter. We then had a secondary playbook that checked for combination of tags. We also had tags added from the other parts of the email like the header.

Re: Read Email Body

axespera — Mon, 14 Nov 2022 04:14:27 GMT

Hi @jfernandes1 Thank you, my understanding is that with machine learning it would check for malicious words to make the decision, would you know if with the classifier I could make it just check if the words are business related or not instead of malicious or not? Also, I liked what you did with the tags.