| Title | Extract observables from email message |
|---|---|
| ID | RA2205 |
| Description | Extract observables from an email message |
| Author | @atc_project |
| Creation Date | 2019/01/31 |
| Category | |
| Stage | RS0002: Identification |
| Automation |
|
| References |
Workflow
Extract the data for further response steps:
- attachments (using munpack tool:
munpack email.eml) - from, to, cc
- subject of the email
- received servers path
- list of URLs from the text content of the mail body and attachments
This Response Action could be automated with TheHive EmlParser.