

Good day all, I have a question today.





Currently I use the Exchange Connector to create cases from emails reported to Security by our userbase.





The org is starting to roll out some O365 stuff which includes a Button to report emails to O365.


These reported emails get attached to a new email, from O365, and arrive at some mailbox. In short, I receive an email from O365 that says an email was reported with O365's assessment and the original email is attached.





I want to use the Exchange Connector to ingest these emails, take some data from the body (easy part) and then ingest the attached message. From the attached message I would want to obtain the same data I would normally receive as if the Exchange Connector directly ingested that message.





Any thoughts on how I could do this?


We have a subfolder and an inbox rule that moves the reported emails to that folder. Then we have an EML connector watching that folder to bring them into Siemplify. We added a line of custom code to capture the original sender/reporter of the email for things like having Siemplify be able to send follow-up emails back to them. Might be able to do similar with other original email data.



Yeah that's what I was thinking. I have a similar process to you but I was hoping not to have to write more custom processes. Thanks!



Yeah. Same thought process here, but sometimes it's just so much easier. You might be able to do it with the Mail connector, but then you'll probably be retrieving attachments from the case wall, parsing those attachments, etc. Lots of playbook actions vs a couple of lines of code. I've so far only run into an issue once with the Exchange connector, where my custom code broke after updating the other integration files. That was with updating to the newest version when they made a lot of changes to add more support for OAuth. As long as you change as little as possible you should be OK unless there is another major re-write!


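The step discussed in this thread, pulling the original message's data out of a report email, shown as an added example that is not part of the thread and is not Siemplify connector code. It assumes the reported mail arrives as a `message/rfc822` attachment; the function names, addresses and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def build_sample_report() -> bytes:
    """Constructed sample: a report wrapper with the reported mail attached."""
    inner = EmailMessage()
    inner["From"] = "billing@supplier.example"
    inner["To"] = "alice@corp.example"
    inner["Subject"] = "Invoice overdue"
    inner["Message-ID"] = "<constructed-1@supplier.example>"
    inner.set_content("Please review: http://portal.supplier.example/invoice")
    outer = EmailMessage()
    outer["From"] = "reports@corp.example"
    outer["To"] = "security@corp.example"
    outer["Subject"] = "Reported message"
    outer.set_content("A user reported the attached message.")
    outer.add_attachment(inner)  # serialized as a message/rfc822 part
    return outer.as_bytes()

def extract_reported(raw: bytes) -> list[dict]:
    """Return one record per attached message found in the wrapper email."""
    outer = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in outer.walk():  # walk() also descends into nested messages
        if part.get_content_type() != "message/rfc822":
            continue
        inner = part.get_content()  # the attached message as an EmailMessage
        body = inner.get_body(preferencelist=("plain", "html"))
        text = body.get_content() if body is not None else ""
        results.append({
            "wrapper_from": str(outer.get("From", "")),
            "from": str(inner.get("From", "")),
            "to": str(inner.get("To", "")),
            "subject": str(inner.get("Subject", "")),
            "message_id": str(inner.get("Message-ID", "")),
            "received": [str(h) for h in inner.get_all("Received", [])],
            "urls": URL_RE.findall(text),
        })
    return results
```

An attachment delivered in another format (for example an Outlook `.msg` file) is not matched by the `message/rfc822` check and would need its own parser.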