Email Pre-Process not dropping email replies

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Email Pre-Process not dropping email replies

L3 Networker

I am attempting to use the Email Communication type to create email threads instead of new incidents when a reply is received. From what I understand you set a Proccessing-Rule based on type and then set "Run a script" to Pre-process email script. I have performed the test and it returns the incident will be created. In addition I have ensured that the outgoing email contains the EmailGeneratedCode with is 8 characters long and nevertheless this does not work and the reply email is created as a new incident. For the sake of piece of mind I have extracted the EmailGeneratedCode to another key and included it in the subject as well but to no effect. While performing the test i can see that upon each test the code is refreshed on the incident side and this is expected.  Has anyone encountered this problem before ?

To summarise my understanding of the use case. 1) Outgoing email from demisto to user. Containing this Email Generated code in ${} 2) User replies with the same subject as defualt. 3) The email arrives to Demisto and the Pre-Process Script assigns and extracts the details to the existing "original" incident based on this static code. 4) The Email Thread is updated through tags and the new and future replies are not created as a new incident. 

If this is not the chain of expected events please correct me. 

PCSAE
1 accepted solution

Accepted Solutions

L1 Bithead

For now, the use case doesn't support playbooks (as I said before, the incident should be created by our mail listener).

Please see the article of the pack, and the workflow section -  https://xsoar.pan.dev/docs/reference/packs/email-communication

The eight-digit code isn't enough, we also check other things like the email thread-ID (so the reply could work) and more.

 

With that being said, we are working on a few enhancements for the pack, and it might be possible, but not sure as the email communication wasn't created for this use case (reply from within the playbook automatically).

 

If you can, please open a-ha request for this enhancement 🙂 

 

View solution in original post

4 REPLIES 4

L1 Bithead

Hi Michaelsysec242,

 

I guess you are missing the first step of the use case (based on your summarize flow).

The first step in the use case is receiving an email from the end-user (an email arrive to XSOAR), then using the layout button, reply to that email. When the end-user replies to the reply sent from the XSOAR, it will be part of the same incident.

 

So, the first step isn't "Outgoing email from demisto to user", that actually the second step.

@YAltmann, if that is so then only mail sent by Use of the button on the Email Communication layout will allow this Pre-Process rule/script to work ! In any case the documentation states that as long as the eight digit code is included in the subject the rule will work. Is it possible to run this flow of reply from within the playbook automatically and all future replies will be added to the original mail event ?

PCSAE

L1 Bithead

For now, the use case doesn't support playbooks (as I said before, the incident should be created by our mail listener).

Please see the article of the pack, and the workflow section -  https://xsoar.pan.dev/docs/reference/packs/email-communication

The eight-digit code isn't enough, we also check other things like the email thread-ID (so the reply could work) and more.

 

With that being said, we are working on a few enhancements for the pack, and it might be possible, but not sure as the email communication wasn't created for this use case (reply from within the playbook automatically).

 

If you can, please open a-ha request for this enhancement 🙂 

 

L5 Sessionator

Hi @michaelsysec242, this function is available via our "Email Communication" pack. Please update your pack to get the latest version.

 

Could you confirm if you have followed these steps

1. https://xsoar.pan.dev/docs/reference/packs/email-communication#configure-the-service_mail-and-mail_s...

2. https://xsoar.pan.dev/docs/reference/packs/email-communication#pre-process-rule 

 

With the above 2 steps you should already start seeing incoming emails with the code being processed by the script. If your still having issue, I would recommend that you start the configuration from the start. The above links have a demo video at the end. 

 

Thanks. 

 

  • 1 accepted solution
  • 2930 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!