Mail Listener v2
Overview#
Listens to a mailbox and enables incident triggering via e-mail.
Configure Mail Listener v2 on XSOAR#
- Navigate to Settings > Integrations > Servers & Services.
- Search for Mail Listener v2.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Fetch incidents: Whether to fetch incidents or not
- MailServerURL: Mail Server Hostname / IP address
- port: IMAP Port
- credentials: Username and password
- folder: Incoming mail folder
- permittedFromAdd: Fetch mails from these senders addresses only (eg. admin@demo.com,test@demo.com)
- first_fetch: First fetch time (\<number> \<time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
- limit: The maximum number of incidents to fetch each time
- delete_processed: Delete processed emails
- Include_raw_body: Include raw body in incidents
- save_file: Save the email .eml file
- TLS_connection: Use TLS for connection (defaults to True)
- insecure: Trust any certificate (not secure)
- incidentFetchInterval: Incidents Fetch Interval
- Click Test to validate the connection and the authentication.
Commands:#
- mail-listener-list-emails
- mail-listener-get-email
- mail-listener-get-email-as-eml
1. mail-listener-list-emails#
Fetches mails according to the configuration
Base Command#
mail-listener-list-emails
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| MailListener.EmailPreview.Subject | String | The subject of the mail |
| MailListener.EmailPreview.Date | Date | The date when the mail was recived |
| MailListener.EmailPreview.To | String | The recipient of the mail |
| MailListener.EmailPreview.From | String | The sender of the mail |
| MailListener.EmailPreview.ID | string | The ID of the mail |
Command Example#
!mail-listener-list-emails
Context Example#
Human Readable Output#
Results#
Date From ID Subject To 2020-08-12T11:13:35+00:00 test@demistodev.com 65445 foooSubject test@demistodev.com
2. mail-listener-get-email#
Fetches an email by email ID
Base Command#
mail-listener-get-email
Input#
| Argument Name | Description | Required |
|---|---|---|
| message-id | Message ID as fetched in 'mail-listener-list-emails' command | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| MailListener.Email.to | String | The recipients of the mail |
| MailListener.Email.cc | String | The mail's cc |
| MailListener.Email.bcc | String | The mail's bcc |
| MailListener.Email.from | String | The sender of the mail |
| MailListener.Email.format | String | The format of the mail |
| MailListener.Email.text | String | The plain text of the mail |
| MailListener.Email.HTML | String | The HTML display of the mail if exists |
| MailListener.Email.subject | String | The subject of the mail |
| MailListener.Email.attachments | String | The attachments of the mail if exists |
| MailListener.Email.headers | String | The headers of the mail |
Command Example#
!mail-listener-get-email message-id=65445
Context Example#
Human Readable Output#
Results#
attachments bcc cc format from headers rawHeaders subject text to text/plain test@demistodev.com Return-Path: test@demistodev.com
Received: from localhost (13.100.68.34.bc.googleusercontent.com. [34.68.100.13])
by smtp.gmail.com with ESMTPSA id t5sm917197ilp.15.2020.08.12.04.13.35
for test@demistodev.com
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Wed, 12 Aug 2020 04:13:35 -0700 (PDT)
Message-ID: 5f33cedf.1c69fb81.e5562.38a5@mx.google.com
From: test@demistodev.com
X-Google-Original-From: koko@demisto.com
Mime-Version: 1.0
Date: Wed, 12 Aug 2020 11:13:35 +0000
To: test@demistodev.com
Subject: foooSubject
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printableReturn-Path: test@demistodev.com
Received: from localhost (13.100.68.34.bc.googleusercontent.com. [34.68.100.13])
by smtp.gmail.com with ESMTPSA id t5sm917197ilp.15.2020.08.12.04.13.35
for test@demistodev.com
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Wed, 12 Aug 2020 04:13:35 -0700 (PDT)
Message-ID: 5f33cedf.1c69fb81.e5562.38a5@mx.google.com
From: test@demistodev.com
X-Google-Original-From: koko@demisto.com
Mime-Version: 1.0
Date: Wed, 12 Aug 2020 11:13:35 +0000
To: test@demistodev.com
Subject: foooSubject
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printablefoooSubject foooBody test@demistodev.com
3. mail-listener-get-email-as-eml#
Fetches an email by message ID and download it's eml file
Base Command#
mail-listener-get-email-as-eml
Input#
| Argument Name | Description | Required |
|---|---|---|
| message-id | Message ID as fetched in 'mail-listener-list-emails' command | Required |
Context Output#
There is no context output for this command.
Command Example#
!mail-listener-get-email-as-eml message-id=65445
Context Example#
Additional Information#
In the first fetch iteration, it might take a few minutes for email messages to be ingested due to filter limitations on the IMAP client.