How to check the email body for the match condition to create security incident using Email Parser?

Sangeetha7996
Tera Contributor

How to check the email body for the match condition to create security incident using Email Parser?

2 REPLIES 2

PatrickMutchler
Tera Guru

@Sangeetha7996,

 

To check the email body for a value, create a new Field Transform on your email parser.  On the Field Transform, there is a dropdown field called Search for value that you will use to tell the parser where to look for the value.  There are four values, but I will call out two, specifically: 

 

At the start of a line in the email body - This will look for your value at the beginning of a new line

Anywhere in the email body - This will look for your value anywhere in the body of the email, including the middle of a line.

PatrickMutchler_0-1716553282152.png

 

You can then use the End of value field on the Field Transform to tell the email parser how much information to gather.  You will have the following options:

  • End of line - This will take all of the text from the rest of the line.
  • End of email - This will take all of the text from the rest of the email
  • Until - This will take all of the text until a specified point, which is specified in another field: Value suffix.

PatrickMutchler_1-1716553513407.png

**If you find that this post is helpful, please mark it as helpful.  If it answers your question, please mark it as resolved.

 

@Sangeetha7996,

 

I just wanted to check-in and see if my response was helpful or answered your question?  Did you end up implementing Email Parsing?

 

**If you find that this post is helpful, please mark it as helpful.  If it answers your question, please mark it as resolved.