IBM Security QRadar SOAR

Hello,

Is is a solution how I can extract attachments from EML file to Attachment tab?
I want to upload EML file to SOAR and than automatically extract all attachments inside EML file as a standalone attachments.
I have Email Parser functions, but how I understand it can transform only to artifacts.

------------------------------
Alexey Fedorov
------------------------------

Hi Alexey,

Take a look at the Utilities package on the AppExchange: https://exchange.xforce.ibmcloud.com/hub/extension/2b6699ac8a3976b67dfbddee26dbe3a5. There's a function, email_parsing, which will parse out attachments and create file-based artifacts. File-base artifacts are used as the attachments may be malware which should protected and made available for other analysis tools.
This function is complex, relying on perl modules to perform the extraction. It's best to use App Host with this app as the environment setup with Python and Perl is already in place in the container.

Good luck,
Mark

------------------------------
Mark Scherfling
------------------------------

Original Message:
Sent: Thu March 31, 2022 08:56 AM
From: Alexey Fedorov
Subject: EML to Attachments

Hello,

Is is a solution how I can extract attachments from EML file to Attachment tab?
I want to upload EML file to SOAR and than automatically extract all attachments inside EML file as a standalone attachments.
I have Email Parser functions, but how I understand it can transform only to artifacts.

------------------------------
Alexey Fedorov
------------------------------

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: Fri April 01, 2022 08:26 AM
From: Mark Scherfling
Subject: EML to Attachments

Hi Alexey,

Take a look at the Utilities package on the AppExchange: https://exchange.xforce.ibmcloud.com/hub/extension/2b6699ac8a3976b67dfbddee26dbe3a5. There's a function, email_parsing, which will parse out attachments and create file-based artifacts. File-base artifacts are used as the attachments may be malware which should protected and made available for other analysis tools.
This function is complex, relying on perl modules to perform the extraction. It's best to use App Host with this app as the environment setup with Python and Perl is already in place in the container.

Good luck,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Thu March 31, 2022 08:56 AM
From: Alexey Fedorov
Subject: EML to Attachments

Hello,

Is is a solution how I can extract attachments from EML file to Attachment tab?
I want to upload EML file to SOAR and than automatically extract all attachments inside EML file as a standalone attachments.
I have Email Parser functions, but how I understand it can transform only to artifacts.

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: 4/4/2022 2:27:00 AM
From: Alexey Fedorov
Subject: RE: EML to Attachments

Hello Mark,

I use the utilities package and how I understood the email parsing function can extract only name of attachments and add it to artifacts that has no sense to me. If I do something wrong with the function - please help me to better understand the possibility of the function.

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: Fri April 01, 2022 08:26 AM
From: Mark Scherfling
Subject: EML to Attachments

Hi Alexey,

Take a look at the Utilities package on the AppExchange: https://exchange.xforce.ibmcloud.com/hub/extension/2b6699ac8a3976b67dfbddee26dbe3a5. There's a function, email_parsing, which will parse out attachments and create file-based artifacts. File-base artifacts are used as the attachments may be malware which should protected and made available for other analysis tools.
This function is complex, relying on perl modules to perform the extraction. It's best to use App Host with this app as the environment setup with Python and Perl is already in place in the container.

Good luck,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Thu March 31, 2022 08:56 AM
From: Alexey Fedorov
Subject: EML to Attachments

Hello,

Is is a solution how I can extract attachments from EML file to Attachment tab?
I want to upload EML file to SOAR and than automatically extract all attachments inside EML file as a standalone attachments.
I have Email Parser functions, but how I understand it can transform only to artifacts.

------------------------------
Alexey Fedorov
------------------------------

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: Mon April 04, 2022 07:49 AM
From: Mark Scherfling
Subject: EML to Attachments

Hi Alexey,

 

If you set the function input parameter, utilities_parse_email_attachments, to Yes, when file-based artifacts of type 'Email Attachment' will be created.

 

Regards,

Mark

 

Original Message:
Sent: 4/4/2022 2:27:00 AM
From: Alexey Fedorov
Subject: RE: EML to Attachments

Hello Mark,

I use the utilities package and how I understood the email parsing function can extract only name of attachments and add it to artifacts that has no sense to me. If I do something wrong with the function - please help me to better understand the possibility of the function.

------------------------------
Alexey Fedorov

Original Message:
Sent: Fri April 01, 2022 08:26 AM
From: Mark Scherfling
Subject: EML to Attachments

Hi Alexey,

Take a look at the Utilities package on the AppExchange: https://exchange.xforce.ibmcloud.com/hub/extension/2b6699ac8a3976b67dfbddee26dbe3a5. There's a function, email_parsing, which will parse out attachments and create file-based artifacts. File-base artifacts are used as the attachments may be malware which should protected and made available for other analysis tools.
This function is complex, relying on perl modules to perform the extraction. It's best to use App Host with this app as the environment setup with Python and Perl is already in place in the container.

Good luck,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Thu March 31, 2022 08:56 AM
From: Alexey Fedorov
Subject: EML to Attachments

Hello,

Is is a solution how I can extract attachments from EML file to Attachment tab?
I want to upload EML file to SOAR and than automatically extract all attachments inside EML file as a standalone attachments.
I have Email Parser functions, but how I understand it can transform only to artifacts.

------------------------------
Alexey Fedorov
------------------------------

Thanks for your valuable information about extracting attachments of the EML file. Now anyone can follow your solution for this issue. Thank you so much. 

------------------------------
Ankur Aryson
------------------------------

Original Message:
Sent: Fri April 01, 2022 08:26 AM
From: Mark Scherfling
Subject: EML to Attachments

Hi Alexey,

Take a look at the Utilities package on the AppExchange: https://exchange.xforce.ibmcloud.com/hub/extension/2b6699ac8a3976b67dfbddee26dbe3a5. There's a function, email_parsing, which will parse out attachments and create file-based artifacts. File-base artifacts are used as the attachments may be malware which should protected and made available for other analysis tools.
This function is complex, relying on perl modules to perform the extraction. It's best to use App Host with this app as the environment setup with Python and Perl is already in place in the container.

Good luck,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Thu March 31, 2022 08:56 AM
From: Alexey Fedorov
Subject: EML to Attachments

Hello,

Is is a solution how I can extract attachments from EML file to Attachment tab?
I want to upload EML file to SOAR and than automatically extract all attachments inside EML file as a standalone attachments.
I have Email Parser functions, but how I understand it can transform only to artifacts.

------------------------------
Alexey Fedorov
------------------------------