This Script is part of the
Identify whether the incident includes an email message attached as an eml or msg file and return the answer to playbook.
Also saves the identified entry ID to context for use for later.
Commonly used in automated playbooks that handle phishing reports sent to a special phishing mailbox set up by the security team.
|Tags||phishing, email, Condition|
|Cortex XSOAR Version||5.0.0|
This script is used in the following playbooks and scripts.
- Process Email - Core
- Process Email - Core v2
- Process Email - Generic
- Process Email - Generic v2
|entryid||Specific entryid to check if it is an email attachment. If not specified will check all entries of the incident.|
|yes||If incident contains an email attachment. Will also set reportedemailentryid with the entry id.||Unknown|
|no||If incident does not contain an email attachment||Unknown|