Process Email - Core

Adds email details to the relevant context entities and handle the case where original emails are attached.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Builtin

Scripts

  • ParseEmailFiles
  • Set
  • IdentifyAttachedEmail

Commands

  • setIncident

Playbook Inputs


NameDescriptionDefault ValueSourceRequired
FileThe EML or MSG file.NoneFileOptional
EmailThe receiving email addresslabels.EmailincidentOptional
Email/ccTHe CC addresses.labels.CCincidentOptional
Email/fromThe originator of the email.labels.Email/fromincidentOptional
Email/subjectThe email’s subject.labels.Email/subjectincidentOptional
Email/textThe email text.labels.Email/textincidentOptional
Email/htmlThe HTML version of the email.labels.Email/htmlincidentOptional
Email/headersThe email’s headers.labels.Email/headersincidentOptional
Email/formatThe email’s format.labels.Email/formatincidentOptional

Playbook Outputs


PathDescriptionType
Email.HTMLTHe Email "HTML" body, if it exists.string
EmailThe email object.unknown
Email.CCThe email "cc" addresses.string
Email.FromThe email "from" sender.string
Email.SubjectThe email subject.string
Email.ToThe email "to" addresses.string
Email.TextThe email "text" body, if it exists.string
Email.HeadersThe full email headers as a single string.string
Email.AttachmentsThe list of attachment names in the email.string
Email.FormatThe format of the email, if it is available.string
FileThe file object.unknown

Playbook Image


Process_Email_Core