Team,
We have used the generic email parsing script available when we deployed IBM Cloud Pak for Security on-premises v1.7.2. Under the customization, script, we modified the script to add the required artifacts, such as:
Email Sender
Email Recipient
However, when we try to modify the script, it only shows the email sender or the email recipient, but we require both artifacts to be gathered when the email is sent to the monitored mailbox.
Moreover, we have tried sending the email by forwarding the suspicious email to the monitored mailbox and by attaching the original email. The script is only able to extract the URL, IP address and hashes found in that email, but we were unable to extract the recipient and the suspicious sender who sent this email to the end user.
If we attach the original email, the script won't parse the values and add those as artifacts to that particular case as an attachment. We need to know what the best possible way is to send the email to the monitored mailbox so that we can validate it by replicating the same step which is recommended for the parsing script.
Moreover, if someone can tell us that the script will be updated in the next release of CP4S, please do let us know.
I have attached both the scripts which we used during the testing and deployment phase.
------------------------------
Usman Ahmed
------------------------------