IBM Security QRadar SOAR

 View Only

Outbound Email 2.0

By Mark Scherfling posted Wed October 05, 2022 06:02 PM

We just published a new version of Outbound email which adds a number of new capabilities which we'd like to highlight. You can find the app on the AppExchange here: The goal of this app to capture all emails associated with an incident in one place.

Key new features include:

  • OAuth support
  • Expanded template support including artifact and comment data 
  • Email conversations saved in a datatable
  • Additional email headers exposed
Below is a view of the Email Conversation table with a copy of the original email followed by a threaded outbound email response. 'Threading' is accomplished through the use of the original email's Message Id when sending the outbound email message. 

To accompany these changes, the Generic Email Parsing script (also on the AppExchange) has been upgraded to use the Email Conversation datatable. See version 2.3.0 here: This script will capture the inbound email message Id and save it to the created incident.  The original content of the inbound email is also saved to the Email Conversation datatable.

Additional changes to both outbound email and inbound email capabilities are planned in future apps and versions of the product. The goal is to improve on the unification capabilities which we have addressed here.