IBM Security QRadar SOAR

  • 1.  Extract email body from EML file

    Posted Wed September 07, 2022 11:43 AM
    Hello!

    I am trying to do a machine learning project on email bodies. Therefore, I'd like to use the Resilient REST API to download the emails. The emails are attached to incidents as EML files. However, when I download the file with the API, I don't have a simple way of extracting the mail body.

    I have tried using regex to extract the body, but there does not seem to be a clear way of doing so, as the EML consists of a bunch of metadata, followed by the body. Since the metadata varies from mail to mail, this becomes hard.

    I have also tried searching for EML parsers, but without luck.

    Has anyone come across an easy way of extracting the mail body from EML attachments?

    Unfortunately, I cannot supply any examples as all the mails I have contain sensitive information.

    Thank you guys in advance!

    //Andreas :)

    ------------------------------
    Andreas Rasmussen
    ------------------------------


  • 2.  RE: Extract email body from EML file

    Posted Thu September 08, 2022 09:28 AM
    Hi Andreas,

    Take a look at our email parsing logic in fn_utilities: https://github.com/ibmresilient/resilient-community-apps/blob/master/fn_utilities/fn_utilities/components/utilities_email_parse.py

    It's a complex solution which uses a Perl module for some of the parsing. It's possible to create a new function to extract the email message and then pass the data from that into this email parsing function for the data extraction.

    Good luck,
    Mark

    ------------------------------
    Mark Scherfling
    ------------------------------
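
An added example, not part of the thread and not the fn_utilities code: Python's standard-library `email` package parses an EML file as MIME, so the body can be read without regex. The names `extract_body`, `_TextOnly` and `SAMPLE_EML` are assumptions made for illustration, and the sample message is constructed.

```python
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Collect text nodes, ignoring the contents of <script> and <style>."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], False
    def handle_starttag(self, tag, attrs):
        self._skip = tag in ("script", "style")
    def handle_endtag(self, tag):
        self._skip = False
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def extract_body(eml_bytes: bytes) -> str:
    """Return the message text from raw EML bytes, preferring text/plain."""
    msg = BytesParser(policy=policy.default).parsebytes(eml_bytes)
    part = msg.get_body(preferencelist=("plain", "html"))  # skips attachments
    if part is None:           # e.g. the message holds only attachments
        return ""
    text = part.get_content()  # undoes base64/quoted-printable and the charset
    if part.get_content_type() == "text/html":
        stripper = _TextOnly()
        stripper.feed(text)
        text = " ".join(" ".join(stripper.parts).split())
    return text.strip()

# Constructed sample message (not from a real incident)
SAMPLE_EML = b"\r\n".join([
    b"From: alice@example.com",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain; charset=utf-8",
    b"Content-Transfer-Encoding: quoted-printable",
    b"",
    b"Caf=C3=A9 invoice attached.",
    b"--b1",
    b'Content-Disposition: attachment; filename="notes.txt"',
    b"",
    b"attachment text, not the body",
    b"--b1--",
])
```

Pass the bytes returned by the attachment download to `extract_body`; headers, transfer encodings and attachments are handled by the parser rather than by pattern matching.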