IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Did you maybe manage to figure out how to do this? I'm looking for a way to parse an attached email.
Do you know how to get attachment file itself parse its content? I met same requirement.
Do you know how to get attachment file itself in SOAR script? I want to send it to sandbox for anysis.
I'm not sure if this is what you meant, but in my email parsing script I have this snippet:
This adds the attachments from an email in the attachments tab in the incident and then you can make a playbook with either automatic or manual activation from an attachment. I haven't tried sending an attachment to a sandbox yet but it does work with getting attachment hashes.