Process Email - Generic

Adds email details to the relevant context entities and handles the case where original emails are attached.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Get Original Email - Generic

  • Builtin

  • Set
  • IdentifyAttachedEmail
  • ParseEmailFiles

  • setIncident
  • rasterize-email

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| File | An EML or MSG file. | None | File | Optional |
| Email | The receiving email address. | labels.Email | incident | Optional |
| Email/cc | The "cc" addresses. | labels.CC | incident | Optional |
| Email/from | The originator of the email. | labels.Email/from | incident | Optional |
| Email/subject | The email’s subject. | labels.Email/subject | incident | Optional |
| Email/text | The email’s text. | labels.Email/text | incident | Optional |
| Email/html | The email’s HTML. | labels.Email/html | incident | Optional |
| Email/headers | The email’s headers. | labels.Email/headers | incident | Optional |
| Email/format | The email’s format. | labels.Email/format | incident | Optional |
| GetOriginalEmail | Returns the original email in the thread. The default is "False". You must have the necessary permissions in your email service to execute a global search. EWS: eDiscovery. Gmail: Google Apps Domain-Wide Delegation of Authority. | False | - | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| Email.HTML | The email "html" body, if it exists. | string |
| Email | The email object. | unknown |
| Email.CC | The email "cc" addresses. | string |
| Email.From | The email "from" sender. | string |
| Email.Subject | The email subject. | string |
| Email.To | The email "to" addresses. | string |
| Email.Text | The email "text" body, if it exists. | string |
| Email.Headers | The full email headers as a single string. | string |
| Email.Attachments | The list of attachment names in the email. | string |
| Email.Format | The format of the email, if available. | string |
| File | The file object. | unknown |
