Skip to main content

Get Original Email - Gmail

This Playbook is part of the Phishing Pack.#


Use GetOriginal_Email-_Gmail_v2 instead.

Retrieves the original email in a thread, including headers and attahcments, when the reporting user forwarded the original email not as an attachment.

You must have the necessary permissions in your Gmail service to execute global search: Google Apps Domain-Wide Delegation of Authority.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • Gmail


  • DeleteContext
  • Set


  • gmail-get-attachments
  • gmail-get-mail
  • gmail-search

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
EmailIDThe email ID of the forwarded message.emailmessageidincidentOptional
UserThe email address of the reporting user.emailtoincidentOptional
FromThe email address of the thread originator.emailfromincidentOptional

Playbook Outputs#

EmailThe email object.unknown
Email.ToThe recipient of the email.string
Email.FromThe sender of the email.string
Email.CCThe CC address of the email.string
Email.BCCThe BCC address of the email.string
Email.HTMLThe email HTML.string
Email.BodyThe email text body.string
Email.HeadersThe email headers.string
Email.SubjectThe email subject.string
FileOriginal attachments.unknown

Playbook Image#