Email Communication

Do you have to send multiple emails to end users? This content pack helps you streamline the process and automate updates, notifications and more.

The SOC team needs to communicate and respond to end-users to get more details about an alert, continue with an investigation, etc, usually using emails.

This email communications content pack enables security teams to automate the communication and notification process with end users.

With this Content Pack, you can use the layout as-is for email communication. It can also be used for other incident types by adding the email communication layout to the different incident types.

What does this pack do?

The layout helps you communicate and respond to emails in the Cortex XSOAR system:

Add CC to the email
Write the email you want to send
Add attachments if needed to the email.
Tag all the related emails (incoming/outgoing) to the incident and manage as an email thread - the user can view all the communications in the layout without leaving the system.

This pack includes, out of the box, a full layout, scripts, and incident fields. All of these are customizable to suit the needs of your organization.

_For more information, visit our Cortex XSOAR Developer Docs

Email_Communication_layout

PUBLISHER

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex XSOAR
Created	August 27, 2020
Last Release	April 18, 2021

Email Communication

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Classifiers

Name	Description
EWS - Classifier - Email Communication	Classifies EWS email messages.
EWS - Incoming Mapper - Email Communication	Maps incoming EWS email message fields.
Gmail - Classifier - Email Communication	Classifies Gmail email messages.
Gmail - Incoming Mapper - Email Communication	Maps incoming Gmail email message fields.
MS Graph Mail - Classifier - Email Communication	Classifies MS Graph Mail email messages.
MS Graph Mail - Incoming Mapper - Email Communication	Maps incoming MS Graph Mail email message fields.

Incident Fields

Name	Description
Add CC To Email
Email Generated Code

Incident Types

Name	Description
Email Communication

Layouts

Name	Description
Email Communication

Automations

Name	Description
DisplayEmailHtml	Displays the original email in HTML format.
PreprocessEmail	Preprocessing script for email communication layout. This script checks if the incoming email contains an Incident ID to link the mail to an existing incident, and tags the email as "email-thread". For more information about the preprocessing rules, refer to: https://demisto.developers.paloaltonetworks.com/docs/incidents/incident-pre-processing
SendEmailReply	Send email reply

1.3.7 - 329389 (April 18, 2021)

Classifiers

New: MS Graph Mail - Classifier - Email Communication

Classifies MS Graph Mail email messages.

Mappers

New: MS Graph Mail - Incoming Mapper - Email Communication

Maps incoming MS Graph Mail email message fields.

New: MicrosoftGraphMail

Maps incoming MS Graph Mail email message fields.

Scripts

DisplayEmailHtml

Fixed an issue where the script failed when an incident did not have the Email HTML field.
Updated the Docker image to: demisto/python3:3.9.4.18682.

1.3.5 - R307768 (March 18, 2021)

Scripts

SendEmailReply

Changed the mandatory argument "service_mail" to optional

1.3.4 - R264879 (December 24, 2020)

Scripts

SendEmailReply

Fixed an issue where notes added by DBot were not displayed correctly.

1.3.3 - 230456 (December 23, 2020)

Scripts

PreprocessEmail

Fixed the name of the list XSOAR - Email Communication Days To Query in the README.

1.3.2 - 229790 (December 22, 2020)

Incident Fields

Email Generated Code

Scripts

SendEmailReply

Updated the script to use a UUID for every new incident that is created.

PreprocessEmail

Updated the script to use a UUID for every new incident that is created.
Breaking Change To avoid performance issues, the search for related incidents is limited to 60 days.

1.3.1 - 196091 (November 22, 2020)

Scripts

DisplayEmailHtml

Maintenance and stability enhancements.

PreprocessEmail

You can now view inline images and attachments for Email Communication incidents.
Updated the Docker image to: demisto/python3:3.8.6.13358.

SendEmailReply

Updated the script to reply to a given email message instead of sending a new message.
Updated the Docker image to: demisto/python3:3.8.6.13358.

1.3.0 - 190737 (November 17, 2020)

Classifiers

New: Gmail - Classifier - Email Communication

Classifies Gmail email messages.

New: Gmail - Incoming Mapper - Email Communication

Maps incoming Gmail email message fields.

New: EWS - Incoming Mapper - Email Communication

Maps incoming EWS email message fields.

New: EWS - Classifier - Email Communication

Classifies EWS email messages.

New: EWS v2

Maps incoming EWS email message fields.

Layouts

Email Communication
Changed original email details section to support email inline images.

Scripts

New: DisplayEmailHtml

Displays the original email in HTML format.

1.2.2 - R180529 (November 9, 2020)

Incident Types

Email Communication
Layout has been associated to Email Communication incident type.

1.2.1 - 99844 (September 1, 2020)

Layouts

Email Communication
For version 6 and later, the layout has been assigned to the Email Communication incident type.

1.2.0 - 98252 (August 30, 2020)

Scripts

PreprocessEmail

You can now view mail attachments for Email Communication incidents.

SendEmailReply

Fixed an issue where the recipients list was parsed incorrectly.

Layouts

Email Communication

1.1.0 - 97991 (August 30, 2020)

Incident Fields

Add CC To Email
incidentfield-addcctoemail_CHANGELOG.md
New incident field to add CC to Email.

Incident Types

incidenttype-Email_Communication_CHANGELOG.md
Added new Email Communication incident type.

Layouts

Email Communication
Added new Email Communication layout.

1.0.0 - 96994 (August 27, 2020)

EmailCommunication

Email Communication 1.3.7 356353

What does this pack do?

PUBLISHER

INFO

DISCLAIMER

Classifiers

New: MS Graph Mail - Classifier - Email Communication

Mappers

New: MS Graph Mail - Incoming Mapper - Email Communication

New: MicrosoftGraphMail

Scripts

DisplayEmailHtml

Scripts

SendEmailReply

Scripts

SendEmailReply

Scripts

PreprocessEmail

Incident Fields

Scripts

SendEmailReply

PreprocessEmail

Scripts

DisplayEmailHtml

PreprocessEmail

SendEmailReply

Classifiers

New: Gmail - Classifier - Email Communication

New: Gmail - Incoming Mapper - Email Communication

New: EWS - Incoming Mapper - Email Communication

New: EWS - Classifier - Email Communication

New: EWS v2

Layouts

Scripts

New: DisplayEmailHtml

Incident Types

Layouts

Scripts

PreprocessEmail

SendEmailReply

Layouts

Incident Fields

Incident Types

Layouts