Mail Listener v2
This Integration is part of the Mail Listener Pack.#
Overview#
Listens to a mailbox and enables incident triggering via e-mail.
Configure Mail Listener v2 on Cortex XSOAR#
- Navigate to Settings > Integrations > Servers & Services.
- Search for Mail Listener v2.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Fetch incidents: Whether to fetch incidents or not
- MailServerURL: Mail Server Hostname / IP address
- port: IMAP Port
- credentials: Username and password
- folder: Incoming mail folder
- permittedFromAdd: Fetch mails from these senders addresses only (eg. admin@demo.com,test@demo.com)
- first_fetch: First fetch time (\<number> \<time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
- limit: The maximum number of incidents to fetch each time
- delete_processed: Delete processed emails
- Include_raw_body: Include raw body in incidents
- save_file: Save the email .eml file
- TLS_connection: Use TLS for connection (defaults to True)
- insecure: Trust any certificate (not secure)
- incidentFetchInterval: Incidents Fetch Interval
- clientCertAndKey: Client Certificate And Private Key (PEM) (Use this parameter if the IMAP server requires client certificates and private keys)
- Click Test to validate the connection and the authentication.
Commands:#
mail-listener-list-emails#
Fetch mails according to the configuration
Base Command#
mail-listener-list-emails
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| MailListener.EmailPreview.Subject | String | The subject of the mail |
| MailListener.EmailPreview.Date | Date | The date when the mail was received. |
| MailListener.EmailPreview.To | String | The recipient of the mail. |
| MailListener.EmailPreview.From | String | The sender of the mail. |
| MailListener.EmailPreview.ID | string | The ID of the mail. |
Command Example#
!mail-listener-list-emails
Context Example#
Human Readable Output#
Results#
Date From ID Subject To 2020-08-12T11:13:35+00:00 test@demistodev.com 65445 foooSubject test@demistodev.com
mail-listener-get-email#
Fetches an email by email ID
Base Command#
mail-listener-get-email
Input#
| Argument Name | Description | Required |
|---|---|---|
| message-id | Message ID as fetched in 'mail-listener-list-emails' command. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| MailListener.Email.to | String | The recipients of the mail. |
| MailListener.Email.cc | String | The mail's cc. |
| MailListener.Email.bcc | String | The mail's bcc. |
| MailListener.Email.from | String | The sender of the mail. |
| MailListener.Email.format | String | The format of the mail. |
| MailListener.Email.text | String | The plain text of the mail. |
| MailListener.Email.HTML | String | The HTML display of the mail if exists. |
| MailListener.Email.subject | String | The subject of the mail. |
| MailListener.Email.attachments | String | The attachments of the mail if exists. |
| MailListener.Email.headers | String | The headers of the mail. |
Command Example#
!mail-listener-get-email message-id=65445
Context Example#
Human Readable Output#
Results#
attachments bcc cc format from headers rawHeaders subject text to text/plain test@demistodev.com Return-Path: test@demistodev.com
Received: from localhost (13.100.68.34.bc.googleusercontent.com. [34.68.100.13])
by smtp.gmail.com with ESMTPSA id t5sm917197ilp.15.2020.08.12.04.13.35
for test@demistodev.com
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Wed, 12 Aug 2020 04:13:35 -0700 (PDT)
Message-ID: 5f33cedf.1c69fb81.e5562.38a5@mx.google.com
From: test@demistodev.com
X-Google-Original-From: koko@demisto.com
Mime-Version: 1.0
Date: Wed, 12 Aug 2020 11:13:35 +0000
To: test@demistodev.com
Subject: foooSubject
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printableReturn-Path: test@demistodev.com
Received: from localhost (13.100.68.34.bc.googleusercontent.com. [34.68.100.13])
by smtp.gmail.com with ESMTPSA id t5sm917197ilp.15.2020.08.12.04.13.35
for test@demistodev.com
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Wed, 12 Aug 2020 04:13:35 -0700 (PDT)
Message-ID: 5f33cedf.1c69fb81.e5562.38a5@mx.google.com
From: test@demistodev.com
X-Google-Original-From: koko@demisto.com
Mime-Version: 1.0
Date: Wed, 12 Aug 2020 11:13:35 +0000
To: test@demistodev.com
Subject: foooSubject
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printablefoooSubject foooBody test@demistodev.com
mail-listener-get-email-as-eml#
Fetches an email by message ID and download it's eml file
Base Command#
mail-listener-get-email-as-eml
Input#
| Argument Name | Description | Required |
|---|---|---|
| message-id | Message ID as fetched in 'mail-listener-list-emails' command. | Required |
Context Output#
There is no context output for this command.
Command Example#
!mail-listener-get-email-as-eml message-id=65445
Context Example#
Additional Information#
In the first fetch iteration, some emails may be skipped and not fetched as incidents - the integration will fetch just the last available emails for the given day, as set in The maximum number of incidents to fetch each time and First fetch time. This behavior is due to the fact that IMAP time filter is limited to day based filter.
Subsequent fetch iterations should fetch emails as they are received, without further issue.
The occurred time for emails with no received date field will be the time it was fetched to the system.