Hi All,

I am currently hoping to make use of the "Process Inbound Email" Script against any emails within the phishing submissions mailbox.

Everything has been set up and the script is working. However, it isn't taking the correct information. This is because when a user reports an email, it gets attached and sent to the phishing submissions mailbox (like below):

As a result, it puts "AP", the person who reported the email, rather than the actual suspicious sender itself. The same for Office365Submissions being put down as the receiver, etc.

Can you advise on how best to resolve this? Would I need to tweak the way I've set up the phishing submissions mailbox on the way it receives submissions, or is there a way to get the script to analyse the attachement itself?

Regards,

Iqra

Hi Iqra

The process inbound assumes that the email is coming directly into the inbound email queue.  You would need to make a copy of the script and modify to your own needs.

Hi All,

I am currently hoping to make use of the "Process Inbound Email" Script against any emails within the phishing submissions mailbox.

Everything has been set up and the script is working. However, it isn't taking the correct information. This is because when a user reports an email, it gets attached and sent to the phishing submissions mailbox (like below):

As a result, it puts "AP", the person who reported the email, rather than the actual suspicious sender itself. The same for Office365Submissions being put down as the receiver, etc.

Can you advise on how best to resolve this? Would I need to tweak the way I've set up the phishing submissions mailbox on the way it receives submissions, or is there a way to get the script to analyse the attachement itself?

Regards,

Iqra

Hi All,

I am currently hoping to make use of the "Process Inbound Email" Script against any emails within the phishing submissions mailbox.

Everything has been set up and the script is working. However, it isn't taking the correct information. This is because when a user reports an email, it gets attached and sent to the phishing submissions mailbox (like below):

As a result, it puts "AP", the person who reported the email, rather than the actual suspicious sender itself. The same for Office365Submissions being put down as the receiver, etc.

Can you advise on how best to resolve this? Would I need to tweak the way I've set up the phishing submissions mailbox on the way it receives submissions, or is there a way to get the script to analyse the attachement itself?

Regards,

Iqra

Hi Igra,

i think it is not possible to analyse the attachment with the script.

But you can use the App "Parse Utilities Function for SOAR" to analyse the atttachment. It contains functions to analyse eml and msg Mail Files

Hi All,

I am currently hoping to make use of the "Process Inbound Email" Script against any emails within the phishing submissions mailbox.

Everything has been set up and the script is working. However, it isn't taking the correct information. This is because when a user reports an email, it gets attached and sent to the phishing submissions mailbox (like below):

As a result, it puts "AP", the person who reported the email, rather than the actual suspicious sender itself. The same for Office365Submissions being put down as the receiver, etc.

Can you advise on how best to resolve this? Would I need to tweak the way I've set up the phishing submissions mailbox on the way it receives submissions, or is there a way to get the script to analyse the attachement itself?

Regards,

Iqra