Hi All,
I run the default email parsing script in SOAR, which parses the following artifacts:
Email Recipient (who sent the email to SOAR)
URLs (if included in the email body)
IP addresses (if included in the email body)
File hashes (if included in the email body)
But it is not able to parse sender information, i.e., the sender email address (outsider), the receiver email address (who received the email in the environment), the sender IP address, and more information in the email header. Can anyone please help me build a function that will parse the email header?
I have tried the following procedures to send email to SOAR:
1. I forwarded the phishing email to SOAR, which shows me the following information:
Email Recipient (who sent the email to SOAR)
URLs (if included in the email body)
IP addresses (if included in the email body)
File hashes (if included in the email body)
2. I sent the email as an attachment, which shows me the following information:
Email Recipient (Who sent email to SOAR)
Email in attachment tab
------------------------------
Hafiz Tabish Imran Bilgrami
------------------------------
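
An added example, not part of the original post and not the SOAR product's own script: header parsing for the attachment case (procedure 2) using only Python's standard `email` module. An inline forward is a new message carrying the forwarder's headers, so the original sender, recipient and `Received` chain survive only when the mail is attached. The example assumes the attachment arrives as a `message/rfc822` part and that the raw message bytes are available; `header_artifacts`, `parse_reported_email` and `SAMPLE` are hypothetical names, and no SOAR script API is used.

```python
import re
from email import message_from_bytes, policy
from email.utils import getaddresses

# Constructed sample: report mail with the suspicious message attached as message/rfc822.
SAMPLE = b"""\
From: analyst@corp.example
To: soar@corp.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from mx.corp.example (mx.corp.example [192.0.2.10]) by mail.corp.example; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [203.0.113.45]) by mx.corp.example; Mon, 1 Jan 2024 10:00:01 +0000
Return-Path: <bounce@example.net>
From: "IT Support" <support@example.net>
To: victim@corp.example
Subject: Password expiry

Click the link.
--b1--
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def header_artifacts(msg):
    """Collect sender, recipient and relay-IP artifacts from one message's headers."""
    def addrs(name):
        return [addr for _, addr in getaddresses(msg.get_all(name, [])) if addr]
    # Each relay prepends its own Received header, so the list runs newest to oldest.
    # Only hops added by your own mail servers are trustworthy; older ones can be forged.
    hops = [ip for h in msg.get_all("Received", []) for ip in BRACKETED_IPV4.findall(str(h))]
    return {
        "from": addrs("From"),
        "to": addrs("To") + addrs("Cc"),
        "return_path": addrs("Return-Path"),
        "subject": str(msg.get("Subject", "")),
        "received_ips": hops,
        "origin_ip": hops[-1] if hops else None,  # oldest hop, closest to the sender
    }

def parse_reported_email(raw_bytes):
    """Use the attached original message if present, otherwise the outer message."""
    outer = message_from_bytes(raw_bytes, policy=policy.default)
    for part in outer.walk():
        if part.get_content_type() == "message/rfc822":
            return header_artifacts(part.get_payload(0))
    return header_artifacts(outer)
```

The regular expression only picks up bracketed IPv4 literals; relays that log IPv6 addresses would need an additional pattern.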