This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Extract Domains from Phishing Attached Email

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Extract Domains from Phishing Attached Email

bzahran
L0 Member

‎10-29-2022 06:31 AM

Hi Team,

 

I hope all are doing well; how can I extract the domains from the phishing attached files?

 

I extracted the email using " ParseEmailFilesV2 "; exported all the email parameters such as HTML and others successfully; however, once I tried to convert HTML XML output to JSON using "ConvertXmlToJson" automation, it did not work as expected.

 

I need to convert HTML - XML format to JSON with all domains available to be appended; any idea, team, how I can achieve it?

 

Thanks

Basel

0 Likes Likes
3 REPLIES 3

ivandijk
L0 Member

‎11-02-2022 01:55 AM - edited ‎11-02-2022 01:56 AM

Hi Basel,

If you run the ParseEmailFilesV2 automation with the "auto-extract=inline" argument, all domains will be extracted from the email too, into the ${Domain.Name} context.

Alternatively you can also run "extractIndicators" on the ${Email} key (after running ParseEmailFilesV2), then the domains will be extracted under ${ExtractedIndicators.Domain}. Attached an example:

ivandijk_1-1667379363585.png

 

 

 

Regarding the conversion, I'm not sure what XML you are referring to, we would need to see the XML, the command you ran, the expected result and the actual result.

Let me know if that helps.

nikoolayy1
L6 Presenter

‎11-07-2022 07:03 AM - edited ‎11-07-2022 07:06 AM

I never knew there were so many premade parsing scripts. @ivandijk is right about this. Better try ParseEmailFilesV2 as Ivan mentioned but there is an old one on python2 just in case but python2 is just supported for existing scripts and intergrations so you may not create a new script using the original one https://xsoar.pan.dev/docs/integrations/code-conventions so better use the V2.

 

nikoolayy1_1-1667833402656.png

 

0 Likes Likes

bzahran
L0 Member

‎11-23-2022 06:08 AM

Thanks a lot, Team, I used ParseEmailFilesV2  and everything looks perfect

0 Likes Likes
  • 2082 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks