IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Missing "Process email message" rule from Generic Email Parsing Script app

  • 1.  Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Mon February 18, 2019 12:18 PM
    Hi,
    I have downloaded Generic Email Parsing Script from Generic Email Parsing Script - IBM Security App Exchange
    But after the installation I can't the "Process email message" rule?
    thanks for your help

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------


  • 2.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Mon February 18, 2019 06:51 PM
    I'm having same problem. After installing the Resilient config file, I do not see the rule "Process email message" as indicated in the PDF. Do we have to add the Inbound connection first before running the config file?

    Thanks,
    Peter

    ------------------------------
    Peter Chang
    ------------------------------

    Original Message


  • 3.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Tue February 19, 2019 02:28 AM
    You have configured the IMAP connection against the Mailbox right?...
    You have deployed the integration server and installed the generic email parsing right?
    As soon as you have imported the configuration file you have to change the email owner as describe in the generic parsing PDF documentation.

    Try different subjects and also includes different artifacts...

    Could you confirm the version and also that you followed all the steps above?


    Regards,

    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 4.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Tue February 19, 2019 03:25 AM
    I followed what you are explaining without success.

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 5.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Tue February 19, 2019 05:00 AM
    If the version is updated I will raise a ticket to support.

    Regards,

    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 6.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Tue February 19, 2019 09:10 AM
    I downloaded the current version from App exchange "Uploaded on Jan 3, 2019". Is this OK?

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 7.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Tue February 19, 2019 09:23 AM
    I was thinking more about the Resilient version, The new email connector is a new capability that old versions was running in a different way....

    I have the version 32.0.4502 and the version 32.1.93  and both seems to be working properly.

    Regards,


    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 8.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Tue February 19, 2019 09:58 AM
    I am using the version 32.1.93 too. Then I am missing something. But I don't know what because in the doc there is nothing to do to get the new rule called "Process email message". ? Could you just explain what steps you did except the following change please? thx
    newIncidentOwner = "analyst01@reslab.ibm.com"

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 9.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Tue February 19, 2019 07:14 PM
    I manually created the missing "Process Emails" rule according to the demo and got it working.



    ------------------------------
    Peter Chang
    ------------------------------

    Original Message


  • 10.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Wed February 20, 2019 03:28 AM
    If I am not wrong I created a rule calling to script.

    rule



    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 11.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 02:58 AM
      |   view attached
    I did the same config without success. I am really wondering that there is no clear procedure even on the knowledge center to configure inbound email connector.


    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 12.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 03:51 AM
    I don't know exactly if there is a step by step procedure...
    Logged in Resilient, Do you see the emails at inbox section?... Are you able to see/delete the email messages from resilient?...

    I am not sure how to troubleshoot your case.

    Regards,

    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 13.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 04:39 AM

    Hi Gabriel,
                 To answer your first question there is a problem with the rule being missing from the bundle on app exchange. Thanks for highlighting this. We are working to fix this.

    On your second problem I'm curious too you you see emails in the Inbox? If not have you tested the connection to your inbox by pressing the "Test Connection" button on the Connection screen?



    ------------------------------
    PATRICK DIVILLY
    ------------------------------

    Original Message


  • 14.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 06:25 AM
    Test connection screenshot OK

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 15.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 07:52 AM
    Should the value of  newIncidentOwner = "analyst01@reslab.ibm.com" the owner of the mail box? Because that is not the case in my configuration. Thx for your help

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 16.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 08:10 AM
    I make progress, but I don't know how :-)
    Inbox is still not visible!
    Email Notification failure

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 17.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 08:27 AM
    As the variable says "newincidentOwner" should be the user that is registered in Resilient which becomes the Owner of the incident.

    Regards,

    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 18.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 09:25 AM
    I got from this link https://success.resilientsystems.com/hc/en-us/articles/360002430600?page=1
    the info that was missing i.e setting the "Inbox Permissions" for the Roles.
    Now, it is working well for me.

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message


  • 19.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Thu February 21, 2019 09:30 AM
    Well done Mate.

    Regards,

    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 20.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Fri February 22, 2019 08:58 AM
    The missing rule problem has been fixed. Latest version on App Exchange includes the rule: https://exchange.xforce.ibmcloud.com/hub/extension/4ba70106b6f2dfa77cb1e3c921db7ff5

    ------------------------------
    PATRICK DIVILLY
    ------------------------------

    Original Message


  • 21.  RE: Missing "Process email message" rule from Generic Email Parsing Script app

    Posted Fri February 22, 2019 09:43 AM
    Hi Patrick,

    Thanks. I have successfully tested the update.
    1. Delete the Rule I created manually.
    2. Import the update
    3. Change the value of newIncidentOwner
    4. Test OK

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------

    Original Message