Email Communication | Cortex XSOAR

Do you have to send multiple emails to end users? This content pack helps you streamline the process and automate updates, notifications and more.

The SOC team needs to communicate and respond to end-users to get more details about an alert, continue with an investigation, etc, usually using emails.

This email communications content pack enables security teams to automate the communication and notification process with end users.

With this Content Pack, you can use the layout as-is for email communication. It can also be used for other incident types by adding the email communication layout to the different incident types.

What does this pack do?

The layout helps you communicate and respond to emails in the Cortex XSOAR system:

Add CC to the email
Write the email you want to send
Add attachments if needed to the email.
Tag all the related emails (incoming/outgoing) to the incident and manage as an email thread - the user can view all the communications in the layout without leaving the system.

This pack includes, out of the box, a full layout, scripts, and incident fields. All of these are customizable to suit the needs of your organization.

_For more information about the pack, visit our Cortex XSOAR Developer Docs

Email_Communication_layout

PUBLISHER

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex XSOAR
Created	August 27, 2020
Last Release	October 21, 2021

Email Communication

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Incident Types

Name	Description
Email Communication

Classifiers

Name	Description
MS Graph Mail Single User - Classifier - Email Communication	Classifies MS Graph Mail Single User email messages.
MS Graph Mail - Incoming Mapper - Email Communication	Maps incoming MS Graph Mail email message fields.
Gmail - Incoming Mapper - Email Communication	Maps incoming Gmail email message fields.
MS Graph Mail - Classifier - Email Communication	Classifies MS Graph Mail email messages.
Gmail - Classifier - Email Communication	Classifies Gmail email messages.
EWS - Incoming Mapper - Email Communication	Maps incoming EWS email message fields.
EWS - Classifier - Email Communication	Classifies EWS email messages.
MS Graph Mail Single User - Incoming Mapper - Email Communication	Maps incoming MS Graph Mail Single User email message fields.

Automations

Name	Description
PreprocessEmail	Preprocessing script for email communication layout. This script checks if the incoming email contains an Incident ID to link the mail to an existing incident, and tags the email as "email-thread". For more information about the preprocessing rules, refer to: https://demisto.developers.paloaltonetworks.com/docs/incidents/incident-pre-processing
DisplayEmailHtml	Displays the original email in HTML format.
SendEmailReply	Send email reply

Layouts

Name	Description
Email Communication

Incident Fields

Name	Description
Email Generated Code
Add CC To Email

1.3.13 - 1825451 (October 21, 2021)

Scripts

DisplayEmailHtml

Added multi tenant support.

1.3.12 - R1807895 (October 17, 2021)

Scripts

PreprocessEmail

Updated the Docker image to: demisto/python3:3.9.7.24076.

SendEmailReply

Updated the Docker image to: demisto/python3:3.9.7.24076.

1.3.11 - 7640590 (September 16, 2021)

Scripts

DisplayEmailHtml

Updated the Docker image to: demisto/python3:3.9.7.24076.

1.3.10 - 394494 (July 8, 2021)

Scripts

SendEmailReply

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

1.3.9 - 387183 (June 20, 2021)

Classifiers

New: MicrosoftGraphMailSingleUser-EmailCommunication

Maps incoming MS Graph Mail Single user email message fields. (Available from Cortex XSOAR 5.5.0 to 5.9.9).

New: MS Graph Mail Single User - Classifier - Email Communication

Classifies MS Graph Mail Single user email messages. (Available from Cortex XSOAR 6.0.0).

Mappers

New: MS Graph Mail Single User - Incoming Mapper - Email Communication

Maps incoming MS Graph Mail Single user email message fields (Available from Cortex XSOAR 6.0.0).

1.3.8 - 381353 (June 8, 2021)

Scripts

PreprocessEmail

Upgraded the Docker image to: demisto/python3:3.9.5.20958.

SendEmailReply

Upgraded the Docker image to: demisto/python3:3.9.5.20958.

1.3.7 - 329389 (April 18, 2021)

Classifiers

New: MS Graph Mail - Classifier - Email Communication

Classifies MS Graph Mail email messages.

Mappers

New: MS Graph Mail - Incoming Mapper - Email Communication

Maps incoming MS Graph Mail email message fields.

New: MicrosoftGraphMail

Maps incoming MS Graph Mail email message fields.

Scripts

DisplayEmailHtml

Fixed an issue where the script failed when an incident did not have the Email HTML field.
Updated the Docker image to: demisto/python3:3.9.4.18682.

1.3.5 - R307768 (March 18, 2021)

Scripts

SendEmailReply

Changed the mandatory argument "service_mail" to optional

1.3.4 - R264879 (December 24, 2020)

Scripts

SendEmailReply

Fixed an issue where notes added by DBot were not displayed correctly.

1.3.3 - 230456 (December 23, 2020)

Scripts

PreprocessEmail

Fixed the name of the list XSOAR - Email Communication Days To Query in the README.

1.3.2 - 229790 (December 22, 2020)

Incident Fields

Email Generated Code

Scripts

SendEmailReply

Updated the script to use a UUID for every new incident that is created.

PreprocessEmail

Updated the script to use a UUID for every new incident that is created.
Breaking Change To avoid performance issues, the search for related incidents is limited to 60 days.

1.3.1 - 196091 (November 22, 2020)

Scripts

DisplayEmailHtml

Maintenance and stability enhancements.

PreprocessEmail

You can now view inline images and attachments for Email Communication incidents.
Updated the Docker image to: demisto/python3:3.8.6.13358.

SendEmailReply

Updated the script to reply to a given email message instead of sending a new message.
Updated the Docker image to: demisto/python3:3.8.6.13358.

1.3.0 - 190737 (November 17, 2020)

Classifiers

New: Gmail - Classifier - Email Communication

Classifies Gmail email messages.

New: Gmail - Incoming Mapper - Email Communication

Maps incoming Gmail email message fields.

New: EWS - Incoming Mapper - Email Communication

Maps incoming EWS email message fields.

New: EWS - Classifier - Email Communication

Classifies EWS email messages.

New: EWS v2

Maps incoming EWS email message fields.

Layouts

Email Communication
Changed original email details section to support email inline images.

Scripts

New: DisplayEmailHtml

Displays the original email in HTML format.

1.2.2 - R180529 (November 9, 2020)

Incident Types

Email Communication
Layout has been associated to Email Communication incident type.

1.2.1 - 99844 (September 1, 2020)

Layouts

Email Communication
For version 6 and later, the layout has been assigned to the Email Communication incident type.

1.2.0 - 98252 (August 30, 2020)

Scripts

PreprocessEmail

You can now view mail attachments for Email Communication incidents.

SendEmailReply

Fixed an issue where the recipients list was parsed incorrectly.

Layouts

Email Communication

1.1.0 - 97991 (August 30, 2020)

Incident Fields

Add CC To Email
incidentfield-addcctoemail_CHANGELOG.md
New incident field to add CC to Email.

Incident Types

incidenttype-Email_Communication_CHANGELOG.md
Added new Email Communication incident type.

Layouts

Email Communication
Added new Email Communication layout.

1.0.0 - 96994 (August 27, 2020)

EmailCommunication