Prerequisit : have the Utility Functions  integration installed and configured  Link to App Exchange
Purpose : Enhance the standard information given by this integration in Artifact Description & Note
and remove the Action button Email Parsing (Artifact) if already done
Changes :

• New Rule Email Parsing (Artifact) and Email Parsing (Attachment)
• New Workflows
  • Email Parsing Artifact as duplicate of the Example: Email Parsing Artifact with changes in post process scripts
  • Email Parsing Attachment as duplicate of the Example: Email Parsing Attachment with changes in post process scripts

Previous Rules from this package can be desactivated or removed

Results in Note:


------------------------------
BENOIT ROSTAGNI
------------------------------

Has anyone increased the usability of this function by adding the ability to parse the incident notes field as well?

------------------------------
Ryan Terry
------------------------------

Original Message:
Sent: Wed August 28, 2019 09:47 AM
From: BENOIT ROSTAGNI
Subject: Enhance Email Parser Function and add results in Notes and Artifact Description

Prerequisit : have the Utility Functions  integration installed and configured  Link to App Exchange
Purpose : Enhance the standard information given by this integration in Artifact Description & Note
and remove the Action button Email Parsing (Artifact) if already done
Changes :

• New Rule Email Parsing (Artifact) and Email Parsing (Attachment)
• New Workflows
  • Email Parsing Artifact as duplicate of the Example: Email Parsing Artifact with changes in post process scripts
  • Email Parsing Attachment as duplicate of the Example: Email Parsing Attachment with changes in post process scripts

Previous Rules from this package can be desactivated or removed

Results in Note:

from Attachement

from Artifact

and in Artifact description:

Attached is the res file to import this configuration.
Feel free to use, change, adapt this code to your usage.

Building the res file:
resilient-circuits extract --workflow "email_parsing_artifact" "email_parsing_attachment" --rule "Email Parsing (Artifact)" "Email Parsing (Attachment)" -o config_MAILparser.res --zip

------------------------------
BENOIT ROSTAGNI
------------------------------

Ryan,

Can you explain what you mean?

------------------------------
Jared Fagel
Cyber Security Analyst I
Public Utility
------------------------------

Original Message:
Sent: Thu January 09, 2020 06:16 PM
From: Ryan Terry
Subject: Enhance Email Parser Function and add results in Notes and Artifact Description

Has anyone increased the usability of this function by adding the ability to parse the incident notes field as well?

------------------------------
Ryan Terry

Original Message:
Sent: Wed August 28, 2019 09:47 AM
From: BENOIT ROSTAGNI
Subject: Enhance Email Parser Function and add results in Notes and Artifact Description

Prerequisit : have the Utility Functions  integration installed and configured  Link to App Exchange
Purpose : Enhance the standard information given by this integration in Artifact Description & Note
and remove the Action button Email Parsing (Artifact) if already done
Changes :

• New Rule Email Parsing (Artifact) and Email Parsing (Attachment)
• New Workflows
  • Email Parsing Artifact as duplicate of the Example: Email Parsing Artifact with changes in post process scripts
  • Email Parsing Attachment as duplicate of the Example: Email Parsing Attachment with changes in post process scripts

Previous Rules from this package can be desactivated or removed

Results in Note:

from Attachement

from Artifact

and in Artifact description:

Attached is the res file to import this configuration.
Feel free to use, change, adapt this code to your usage.

Building the res file:
resilient-circuits extract --workflow "email_parsing_artifact" "email_parsing_attachment" --rule "Email Parsing (Artifact)" "Email Parsing (Attachment)" -o config_MAILparser.res --zip

------------------------------
BENOIT ROSTAGNI
------------------------------

I mistakenly replied to this thread. I meant to add the question to the IOC Parser Function thread.

------------------------------
Ryan Terry
------------------------------

Original Message:
Sent: Fri January 10, 2020 11:19 AM
From: Jared Fagel
Subject: Enhance Email Parser Function and add results in Notes and Artifact Description

Ryan,

Can you explain what you mean?

------------------------------
Jared Fagel
Cyber Security Analyst I
Public Utility

Original Message:
Sent: Thu January 09, 2020 06:16 PM
From: Ryan Terry
Subject: Enhance Email Parser Function and add results in Notes and Artifact Description

Has anyone increased the usability of this function by adding the ability to parse the incident notes field as well?

------------------------------
Ryan Terry

Original Message:
Sent: Wed August 28, 2019 09:47 AM
From: BENOIT ROSTAGNI
Subject: Enhance Email Parser Function and add results in Notes and Artifact Description

Prerequisit : have the Utility Functions  integration installed and configured  Link to App Exchange
Purpose : Enhance the standard information given by this integration in Artifact Description & Note
and remove the Action button Email Parsing (Artifact) if already done
Changes :

• New Rule Email Parsing (Artifact) and Email Parsing (Attachment)
• New Workflows
  • Email Parsing Artifact as duplicate of the Example: Email Parsing Artifact with changes in post process scripts
  • Email Parsing Attachment as duplicate of the Example: Email Parsing Attachment with changes in post process scripts

Previous Rules from this package can be desactivated or removed

Results in Note:

from Attachement

from Artifact

and in Artifact description:

Attached is the res file to import this configuration.
Feel free to use, change, adapt this code to your usage.

Building the res file:
resilient-circuits extract --workflow "email_parsing_artifact" "email_parsing_attachment" --rule "Email Parsing (Artifact)" "Email Parsing (Attachment)" -o config_MAILparser.res --zip

------------------------------
BENOIT ROSTAGNI
------------------------------