IBM QRadar SOAR

Phishing Email Parse (Original sender email ID)

  • 1.  Phishing Email Parse (Original sender email ID)

    Posted Fri June 23, 2023 03:19 PM

    Hello, 

    We started working on SOAR recently and as part of it I am working to automate our Phishing response process. I was able to connect the incoming emails and set up an automatic rule to parse the email > incident using SOAR's out-of-box email parsing script. 

    The issue is when someone forwards the email, the original email is coming as an attachment and when the out-of-box script parses, it is unable to flag the original email sender (potential hacker). 

    Any insights are highly appreciated. 



    ------------------------------
    Srini B
    ------------------------------
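
Added example, not part of the original post and not SOAR's out-of-box parsing script: a standalone Python standard-library sketch of how the original sender can be read from a report where the suspicious mail arrives as an attachment. It assumes the raw bytes of the inbound report are available; the function names and the sample message are constructed for illustration and no SOAR scripting API is used.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr


def original_senders(raw: bytes) -> list[str]:
    """From addresses of every e-mail attached to a forwarded report."""
    report = message_from_bytes(raw, policy=policy.default)
    senders = []
    for part in report.walk():  # walk() also descends into nested forwards
        inner = None
        if part.get_content_type() == "message/rfc822":
            payload = part.get_payload()  # a one-element list holding the message
            if isinstance(payload, list) and payload:
                inner = payload[0]
        elif (part.get_filename() or "").lower().endswith(".eml"):
            # Some clients attach the .eml as an opaque, base64-encoded file.
            data = part.get_payload(decode=True)
            if data:
                inner = message_from_bytes(data, policy=policy.default)
        if inner is not None:
            addr = parseaddr(str(inner.get("From", "")))[1].lower()
            if addr and addr not in senders:
                senders.append(addr)
    return senders


def sample_report(as_file: bool = False) -> bytes:
    """Constructed sample: a user forwards a suspicious mail as an attachment."""
    phish = EmailMessage()
    phish["From"] = "Payroll <payroll@phish.example>"
    phish["To"] = "user@corp.example"
    phish["Subject"] = "Action required"
    phish.set_content("Please confirm your account.")
    report = EmailMessage()
    report["From"] = "user@corp.example"
    report["To"] = "phishing@corp.example"
    report["Subject"] = "FW: Action required"
    report.set_content("Is this legitimate?")
    if as_file:
        report.add_attachment(phish.as_bytes(), maintype="application",
                              subtype="octet-stream", filename="original.eml")
    else:
        report.add_attachment(phish)
    return report.as_bytes()


if __name__ == "__main__":
    print(original_senders(sample_report()))
    print(original_senders(sample_report(as_file=True)))
```

An empty result means nothing was attached (for example an inline forward), in which case the outer From header is the reporting user and should not be recorded as the suspected sender.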