IBM QRadar SOAR

  • 1.  Extract email body from EML file

    Posted Wed September 07, 2022 11:43 AM
    Hello!

    I am trying to do a machine learning project on email bodies. Therefore, I'd like to use the Resilient REST API to download the emails. The emails are attached to incidents as EML files. However, when I download the file with the API, I don't have a simple way of extracting the mail body.

    I have tried using regex to extract the body, but there does not seem to be a clear way of doing so, as the EML consists of a bunch of metadata, followed by the body. Since the metadata varies from mail to mail, this becomes hard.

    I have also tried searching for EML parsers, but without luck.

    Has anyone come across an easy way of extracting the mail body from EML attachments?

    Unfortunately, I cannot supply any examples as all the mails I have contain sensitive information.

    Thank you guys in advance!

    //Andreas :)

    ------------------------------
    Andreas Rasmussen
    ------------------------------


  • 2.  RE: Extract email body from EML file

    Posted Thu September 08, 2022 09:28 AM
    Hi Andreas,

    Take a look at our email parsing logic in fn_utilities: https://github.com/ibmresilient/resilient-community-apps/blob/master/fn_utilities/fn_utilities/components/utilities_email_parse.py

    It's a complex solution which uses a Perl module for some of the parsing. It's possible to create a new function to extract the email message and then pass the data from that into this email parsing function for the data extraction.

    Good luck,
    Mark

    ------------------------------
    Mark Scherfling
    ------------------------------
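
An added example, not posted by either participant and not taken from fn_utilities: extracting the body from the raw bytes of an EML file with Python's standard-library `email` package instead of regex. The function name `extract_body` and the sample message are constructed for illustration; the bytes would come from the attachment downloaded through the REST API.

```python
import re
from email import policy
from email.parser import BytesParser
from html import unescape

def extract_body(eml_bytes: bytes) -> str:
    """Return the body text of an EML file, preferring text/plain over text/html."""
    # policy.default yields EmailMessage objects with get_body()/get_content()
    msg = BytesParser(policy=policy.default).parsebytes(eml_bytes)
    part = msg.get_body(preferencelist=("plain", "html"))  # skips attachments
    if part is None:           # e.g. attachment-only message
        return ""
    text = part.get_content()  # undoes base64/quoted-printable and the charset
    if part.get_content_type() == "text/html":
        # Crude tag strip, enough for text features; not an HTML sanitizer
        text = unescape(re.sub(r"<[^>]+>", " ", text))
    return " ".join(text.split())  # collapse whitespace and line breaks

# Constructed sample (not real mail): plain + HTML alternatives plus an attachment
SAMPLE_EML = "\r\n".join([
    "From: alice@example.com",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="outer"',
    "",
    "--outer",
    'Content-Type: multipart/alternative; boundary="alt"',
    "",
    "--alt",
    'Content-Type: text/plain; charset="utf-8"',
    "Content-Transfer-Encoding: quoted-printable",
    "",
    "Please pay =E2=82=AC100 today.",
    "--alt",
    'Content-Type: text/html; charset="utf-8"',
    "",
    "<p>Please pay <b>&euro;100</b> today.</p>",
    "--alt--",
    "--outer",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="a.bin"',
    "Content-Transfer-Encoding: base64",
    "",
    "AAEC",
    "--outer--",
    "",
]).encode("ascii")

if __name__ == "__main__":
    print(extract_body(SAMPLE_EML))
```

The headers that vary from mail to mail are consumed by the parser, so only the MIME structure decides which part is returned.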