How to check the email body for the match condition to create security incident using Email Parser?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-24-2024 02:34 AM
How to check the email body for the match condition to create security incident using Email Parser?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-24-2024 05:26 AM
To check the email body for a value, create a new Field Transform on your email parser. On the Field Transform, there is a dropdown field called Search for value that you will use to tell the parser where to look for the value. There are four values, but I will call out two, specifically:
At the start of a line in the email body - This will look for your value at the beginning of a new line
Anywhere in the email body - This will look for your value anywhere in the body of the email, including the middle of a line.
You can then use the End of value field on the Field Transform to tell the email parser how much information to gather. You will have the following options:
- End of line - This will take all of the text from the rest of the line.
- End of email - This will take all of the text from the rest of the email
- Until - This will take all of the text until a specified point, which is specified in another field: Value suffix.
**If you find that this post is helpful, please mark it as helpful. If it answers your question, please mark it as resolved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-04-2024 01:52 PM
I just wanted to check-in and see if my response was helpful or answered your question? Did you end up implementing Email Parsing?
**If you find that this post is helpful, please mark it as helpful. If it answers your question, please mark it as resolved.