IBM QRadar SOAR

How to access an email associated with an incident?

  • 1.  How to access an email associated with an incident?

    Posted Thu September 14, 2023 03:13 PM

    Hi all,

    I am using a copy of the Generic email script (v2.3.1) to process emails sent to the SOAR mailbox.

    I modified it to create an incident (emailmessage.createAssociatedIncident) and assign it a predefined type (incident.incident_type_ids = "New-type") depending on a specific subject and sender.

    To handle the incident, I associated an "incident" playbook to the New-type so that when a new incident of this type is created, the playbook starts. This part works like a charm.

    Somewhere within the playbook, some information would need to be extracted from the body of the email. But since this is an "incident playbook", it doesn't have access to the email.

    Is there a (simple) way to access the email (body, headers, ...) associated with the incident?

    Thanks for your help



    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: How to access an email associated with an incident?

    Posted Fri September 15, 2023 09:14 AM

    Hi Pierre,

    Unfortunately, there is no way for a script or a playbook to read the contents of an inbound email. An alternative is the logic added to Generic Email Parsing Script (https://exchange.xforce.ibmcloud.com/hub/extension/4ba70106b6f2dfa77cb1e3c921db7ff5). There's logic here to add parts of the inbound email message to a datatable. I don't see the headers but that can be customized (perhaps in a different datatable). Then, a playbook can be triggered against the datatable row created and it's then easier to pull these email components from the datatable within the playbook.

    Hope this helps.

    Regards,
    Mark

    Here's what the logic in this Generic Parsing Script looks like which pulls the parts into a datatable.

    # Excerpt from the Generic Email Parsing Script. 'incident', 'emailmessage',
    # 'helper', 'headers', 'processor', 'handle_list', 'DEFANG_PATTERN',
    # 'msg_body' and 'msg_attachments' are defined earlier in that script.
    import time

    # One datatable row per inbound message; the playbook reads these fields.
    row = incident.addRow('email_conversations')
    row['date_sent'] = int(time.time() * 1000)  # epoch milliseconds
    row['source'] = "inbound"
    row['inbound_id'] = emailmessage.id
    row['recipients'] = helper.createRichText(
        "To: {}<br>Cc: {}<br>Bcc: {}".format(
            handle_list(headers.get("To")),
            handle_list(headers.get("CC", '')),
            handle_list(headers.get("BCC", ''))))
    row['from'] = handle_list(headers.get("From"))
    row['subject'] = handle_list(headers.get("Subject"))
    # Defang links in the body so they are not clickable from the datatable.
    row['body'] = DEFANG_PATTERN.sub(r"x_\1_x:", msg_body)
    row['attachments'] = ", ".join(msg_attachments)
    row['message_id'] = processor.get_message_id(headers)
    row['in_reply_to'] = handle_list(headers.get("References"))
    # Explicit Importance header wins; otherwise derive it from X-Priority.
    row['importance'] = handle_list(
        headers.get("Importance")
        or {"1": "high", "2": "normal", "3": "low"}.get(headers.get("X-Priority"), "normal"))



    ------------------------------
    Mark Scherfling
    ------------------------------
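A stand-alone version of that row-building logic, added here as an example and not code from the thread or from the Generic Email Parsing Script, so the header-to-datatable mapping can be exercised outside SOAR. The SOAR objects (incident, emailmessage, helper, processor) are dropped, and DEFANG_PATTERN and handle_list are replaced by assumed stand-ins: a pattern that rewrites URL schemes and a helper that flattens list-valued headers.

```python
import re
import time

# Assumed stand-in for the script's DEFANG_PATTERN: match a URL scheme so that
# "https://evil.example" becomes "x_https_x://evil.example" in the datatable.
DEFANG_PATTERN = re.compile(r"\b(https?|ftp):", re.IGNORECASE)
PRIORITY_MAP = {"1": "high", "2": "normal", "3": "low"}  # X-Priority -> importance


def handle_list(value):
    """Stand-in for the script's handle_list: flatten a header value that may be
    a list of addresses, a string or None into one comma-separated string."""
    if value is None:
        return ""
    if isinstance(value, (list, tuple)):
        return ", ".join(str(v) for v in value)
    return str(value)


def build_email_row(headers, msg_body, msg_attachments, inbound_id):
    """Build the dict the script writes as an 'email_conversations' datatable
    row; a playbook triggered on that row reads the email from these fields."""
    row = {"source": "inbound", "inbound_id": inbound_id}
    row["date_sent"] = int(time.time() * 1000)  # epoch milliseconds
    row["recipients"] = "To: {}<br>Cc: {}<br>Bcc: {}".format(
        handle_list(headers.get("To")),
        handle_list(headers.get("CC", "")),
        handle_list(headers.get("BCC", "")))
    row["from"] = handle_list(headers.get("From"))
    row["subject"] = handle_list(headers.get("Subject"))
    # Defang links so analysts cannot click them straight from the datatable.
    row["body"] = DEFANG_PATTERN.sub(r"x_\1_x:", msg_body)
    row["attachments"] = ", ".join(msg_attachments)
    # Simplification: read Message-ID directly instead of processor.get_message_id.
    row["message_id"] = handle_list(headers.get("Message-ID"))
    row["in_reply_to"] = handle_list(headers.get("References"))
    # An explicit Importance header wins; otherwise derive it from X-Priority.
    row["importance"] = handle_list(
        headers.get("Importance")
        or PRIORITY_MAP.get(headers.get("X-Priority"), "normal"))
    return row


# Constructed sample message (not a real email) to exercise the mapping.
SAMPLE_HEADERS = {"To": ["soar@example.test"], "From": "sender@example.test",
                  "Subject": "Invoice", "Message-ID": "<abc@example.test>",
                  "X-Priority": "1"}
SAMPLE_ROW = build_email_row(SAMPLE_HEADERS, "Pay at https://example.test/pay",
                             ["invoice.pdf"], 42)
```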