02-14-2023 09:26 AM
Hi all,
actually i am configuring an abuse email box that will receive all email that are suspected to be a phishing email,
actually when we send the suspected email as en EML attachement to the abuse email box that is alredy configured via EWS instance, we cannot find the orginial message parsed via mapping editor,
we only find the attachement file name like mentionned in the capture and the content of the eml file as a value for the 'mime_conent' key (not parsed) ,
so how we can make modification of the contextual data, to add the attachement email info (sender recepient , content etc .. ) to the json data
thanks,
02-14-2023 05:58 PM
There's a pre-built playbook, "Process Email - Generic v2" from the Phishing pack which has logic for this that might be useful for reference. In the end, that's basically a fancy wrapper for the ParseEmailFiles automation so if that playbook is too far away from what you need you could always use the automation directly.
02-15-2023 02:26 AM
Hi Chrkin,
thanks for your feedback, actually i am testing this playbook, but i face a problem with Set commande, i face this error:
02-15-2023 04:24 PM
This looks like an issue with your installation, rather than anything wrong with the automation/playbook itself. I'd suggest checking out your /usr/local/demisto/res directory to make sure that it (and the referenced file) still exists, and that the demisto group has ownership of these files.
02-16-2023 06:39 AM
Hi Chrking,
i already check it, the file does not exist, i will open a case, do you know this package "demisto" is it related to specific module that need to be reinstalled?
regards,
02-16-2023 05:35 PM
"demisto" is the previous name for XSOAR, before it was acquired by Palo Alto. It's still used in lots of places. The _script_template files are part of the base install and not any marketplace package AFAIK.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!