Skip to main content

Get Original Email - Generic v2

This Playbook is part of the Phishing Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.1.0 and later.

This v2 playbook is being used inside the "Phishing" flow. It will retrieve an original mail based on the inputs.

The inputs in this version are not using any labels and also allow the user to supply an email brand.

You must have the necessary permissions in your email service to execute global search.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Get Original Email - Microsoft Graph Mail
  • Get Original Email - Gmail v2
  • Get Original Email - EWS v2


This playbook does not use any integrations.


This playbook does not use any scripts.


This playbook does not use any commands.

Playbook Inputs#

NameDescriptionDefault ValueRequired
MessgaeIDThe original email message id to retrieve. This should hold the value of the "Message-ID" header of the original email.Optional
UserIDThe email address of the user for which to fetch the original email.Optional
EmailSubjectThe original email subject.Optional
EmailBrandWhen this value is supplied only the relevant playbook will run.
Possible values:
- Gmail
- EWS v2
- MicrosoftGraphMail

If none of the above values is supplied, all of the playbooks will run.

Playbook Outputs#

EmailThe email objectstring
FileOriginal attachmentsstring
Email.ToThe recipient of the emailstring
Email.FromThe sender of the emailstring
Email.CCThe CC address of the emailstring
Email.BCCThe BCC address of the emailstring
Email.HTMLThe email HTMLstring
Email.BodyThe email text bodystring
Email.HeadersThe email headersstring
Email.SubjectThe email subjectstring
Email.HeadersMapThe headers of the email.string
reportedemailentryidIn case the original eml was retrieved, this field will hold the File's Entry ID.unknown

Playbook Image#

Get Original Email - Generic v2