This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Parse email attaachement using EWS V2 Extension

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Parse email attaachement using EWS V2 Extension

adelbenjemaa
L1 Bithead

‎02-14-2023 09:26 AM

Hi all,
actually i am configuring an abuse email box that will receive all email that are suspected to be a phishing email,
actually when we send the suspected email as en EML attachement to the abuse email box that is alredy configured via EWS instance, we cannot find the orginial message parsed via mapping editor,
we only find the attachement file name like mentionned in the capture and the content of the eml file as a value for  the 'mime_conent' key (not parsed) ,
so how we can make modification of the contextual data, to add the attachement email info (sender recepient , content etc .. ) to the json data

thanks,



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
Preview file
20 KB
0 Likes Likes
5 REPLIES 5

chrking
L3 Networker

‎02-14-2023 05:58 PM

There's a pre-built playbook, "Process Email - Generic v2" from the Phishing pack which has logic for this that might be useful for reference. In the end, that's basically a fancy wrapper for the ParseEmailFiles automation so if that playbook is too far away from what you need you could always use the automation directly.

adelbenjemaa
L1 Bithead

‎02-15-2023 02:26 AM

Hi Chrkin,
thanks for your feedback, actually i am testing this playbook, but i face a problem with Set commande, i face this error:

---- Error Message
DBot
February 15, 2023 11:23 AM
Scripts returned an error
#44: Set reported email origin (attached)
Command: 
!Set key="ReportedEmailOrigin" value="Attached" stringify="false"
Reason
Error from Scripts is : Script failed to run: open /usr/local/demisto/res/_script_template.js: no such file or directory (2603)
 
---- 

 
i think that there is a misconfiguration or incompatibility with Set Commande,
i there any workaround?
i test the same commande in another playbook, but always i face the same problem,
you find the error in the screenshot

regards,
Preview file
44 KB
0 Likes Likes

chrking
L3 Networker
In response to adelbenjemaa

‎02-15-2023 04:24 PM

This looks like an issue with your installation, rather than anything wrong with the automation/playbook itself. I'd suggest checking out your /usr/local/demisto/res directory to make sure that it (and the referenced file) still exists, and that the demisto group has ownership of these files.

adelbenjemaa
L1 Bithead
In response to chrking

‎02-16-2023 06:39 AM

Hi Chrking,
i already check it, the file does not exist, i will open a case, do you know this package "demisto" is it related to specific module that need to be reinstalled?
regards,

0 Likes Likes

chrking
L3 Networker
In response to adelbenjemaa

‎02-16-2023 05:35 PM

"demisto" is the previous name for XSOAR, before it was acquired by Palo Alto. It's still used in lots of places. The _script_template files are part of the base install and not any marketplace package AFAIK.

0 Likes Likes
  • 1946 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks