Hi Maria,
Unfortunately, there isn't a way to create an attachment within an email parsing script. That would be the most straightforward approach if it existed.
It should be possible to develop a new function in the SOAR Utilities app to read the contents of an artifact and, with the existing string_to_attachment function, place those contents into an attachment. Then, a playbook can be written to trigger when an artifact of type Email Attachment is created to move that content into an attachment.
I will add that development to our request for enhancements.
------------------------------
Mark Scherfling
------------------------------
Original Message:
Sent: Fri May 31, 2024 02:26 AM
From: Maria Czapkowska
Subject: Artifact to attachment
I have a playbook that parses emails that are attached to an incident. The code is from Parse Utilities Function for SOAR app. The issue I'm having with this is that all attachments from the email are added as an artifact, meaning I can't download it or run any playbooks meant for email attachments. I have to download the email then manually get all the attachments and upload them to SOAR.
Is there any way to convert an artifact of type "email attachment" to attachment? Alternatively, maybe someone has a code that would extract the attachments and add them as attachments instead of artifacts?
I tried using the code for adding an attachment from Email parsing script for incoming emails, but it doesn't work as I'm parsing an attachment not an "Email Message"
------------------------------
Maria Czapkowska
------------------------------