IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
  • 1.  Truncating Email Replies

    Posted 07/06/21 09:32 PM

    Our organization uses a script to automatically parse inbound emails into their associated tickets as notes. This can become problematic when an email comes in that has a large number of replies - the large email is added in it's entirety to the notes section, and over time these compound and inflate the ticket notes with lots of extraneous information.

    My goal is to truncate everything but the "newest" part of an email when it is parsed into a note. My problem is determining where the most recent reply to an email chain ends, and the rest begins. In plaintext, I believe it's quite simple - look for lines beginning with '>'. In HTML, however, I feel like I'm sifting though a sea of div tags.

    Does anyone have any experience with this?


    #QradarSOAR
    #SupportMigration
    #Support


  • 2.  RE: Truncating Email Replies

    Posted 07/13/21 03:01 PM

    Hello, is any IBM product involved here or is this a general question?


    #Support
    #SupportMigration
    #QradarSOAR


  • 3.  RE: Truncating Email Replies

    Posted 07/19/21 02:05 PM

    Apologies - the product in use here is Resilient.


    #QradarSOAR
    #SupportMigration
    #Support


  • 4.  RE: Truncating Email Replies

    Posted 08/11/21 11:48 AM

    Good question. Any approaches to achieve this?

    Regards,

    Ralph


    #SupportMigration
    #Support
    #QradarSOAR


  • 5.  RE: Truncating Email Replies

    Posted 08/19/21 02:38 PM

    The separator for outlook is usually <div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'> if that may be of help to you. Just be aware that, depending on your locale and the way that the HTML is parsed, the spacing may be different and "in" used instead of "cm".

    The easiest way to work out what the separator is might be to send yourself an arbitrary email with just a couple of words in it and reply to it. Save it as HTML and examine it for the separator to reduce the number of lines you need to go through


    #SupportMigration
    #QradarSOAR
    #Support