Process email generic v2 (#30355)

* Process email generic v2 (#30159) * Allow rasterization of plain-text mails * update relase notes * apply format for release notes * Remove Period in yml file --------- Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> * revert to master * RN * Update Packs/Phishing/ReleaseNotes/3_5_29.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: rundssoar <139948408+rundssoar@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
demisto · Oct 24, 2023 · cca237d · cca237d
1 parent 252a387
commit cca237d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/Packs/Phishing/Playbooks/Process_Email_-_Generic_v2.yml b/Packs/Phishing/Playbooks/Process_Email_-_Generic_v2.yml
@@ -3,7 +3,7 @@ version: -1
 contentitemexportablefields:
   contentitemfields: {}
 name: Process Email - Generic v2
-description: |
+description: |-
   This playbook adds email details to the relevant context entities and handles original email attachments.
 
   The v2 playbook enables parsing email artifacts more efficiently, including:
@@ -156,11 +156,25 @@ tasks:
                 root: Email
                 accessor: HTML
             iscontext: true
+          right:
+            value: {}
+        - operator: isExists
+          left:
+            value:
+              complex:
+                root: Email
+                accessor: Text
+            iscontext: true
       - - operator: isNotEmpty
           left:
             value:
               simple: Email.HTML
             iscontext: true
+        - operator: isNotEmpty
+          left:
+            value:
+              simple: Email.Text
+            iscontext: true
       - - operator: isExists
           left:
             value:
@@ -222,6 +236,13 @@ tasks:
         complex:
           root: Email
           accessor: HTML
+          transformers:
+          - operator: SetIfEmpty
+            args:
+              applyIfEmpty: {}
+              defaultValue:
+                value:
+                  simple: ${Email.Text="<html><body>"+val +"</body></html>"}
       offline:
         simple: 'true'
     reputationcalc: 1

diff --git a/Packs/Phishing/ReleaseNotes/3_5_29.md b/Packs/Phishing/ReleaseNotes/3_5_29.md
@@ -0,0 +1,5 @@
+#### Playbooks
+
+##### Process Email - Generic v2
+
+Updated playbook to support rendering a screenshot of plain-text emails.
diff --git a/Packs/Phishing/pack_metadata.json b/Packs/Phishing/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Phishing",
     "description": "Phishing emails still hooking your end users? This Content Pack can drastically reduce the time your security team spends on phishing alerts.",
     "support": "xsoar",
-    "currentVersion": "3.5.28",
+    "currentVersion": "3.5.29",
     "serverMinVersion": "6.0.0",
     "videos": [
         "https://www.youtube.com/watch?v=SY-3L348PoY"