diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_35.md b/Packs/CommonScripts/ReleaseNotes/1_12_35.md new file mode 100644 index 000000000000..74d699fabab1 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_12_35.md @@ -0,0 +1,3 @@ +#### Scripts +##### ParseEmailFilesV2 +- Updated the Docker image to: *demisto/parse-emails:1.0.0.78248*. \ No newline at end of file diff --git a/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml b/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml index aacd7a00478e..d7d5d993dad6 100644 --- a/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml +++ b/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml @@ -1,17 +1,17 @@ args: - default: true - description: Entry ID with the Email as a file in msg or eml format + description: Entry ID with the Email as a file in msg or eml format. name: entryid required: true - auto: PREDEFINED defaultValue: "false" - description: Will parse only the headers and return headers table + description: Will parse only the headers and return headers table. name: parse_only_headers predefined: - "true" - "false" - defaultValue: "3" - description: How many levels deep we should parse the attached emails (e.g. email contains an emails contains an email). Default depth level is 3. Minimum level is 1, if set to 1 the script will parse only the first level email + description: How many levels deep we should parse the attached emails (e.g. email contains an emails contains an email). Default depth level is 3. Minimum level is 1, if set to 1 the script will parse only the first level email. name: max_depth - defaultValue: "All files" description: In case of nested email files (for instance, an EML file inside an EML file), determines which of the email files to return as an output. "All files" - will return all nested email files as output, "Outer file" - will return only the "outer" email file as output, "Inner file" - will return only the most "inner" email file as output. In case "Inner file" was chosen together with the 'max_depth' argument, the inner email will be considered as the email in the depth of the `max_size` argument. @@ -24,7 +24,7 @@ args: description: Use only the force encoding when parsing the message, e.g 'iso-2022-jp'. Relevant to msg files only. - name: default_encoding description: Use only the default encoding when parsing the message with the detected encoding fails, e.g 'utf-8'. Relevant to msg files only. -comment: Parse an email from an eml or msg file and populate all relevant context data to investigate the email. Also extracts inner attachments and returns them to the war room. The incident labels themselves are preserved and not modified - only the "Label/x" context items that originated from the labels, and the best practice is to rely on these for the remainder of the playbook. This script is based on the parse-emails XSOAR python package, check the script documentation for more info +comment: Parse an email from an eml or msg file and populate all relevant context data to investigate the email. Also extracts inner attachments and returns them to the war room. The incident labels themselves are preserved and not modified - only the "Label/x" context items that originated from the labels, and the best practice is to rely on these for the remainder of the playbook. This script is based on the parse-emails XSOAR python package, check the script documentation for more info. commonfields: id: ParseEmailFilesV2 version: -1 @@ -35,28 +35,28 @@ outputs: description: This shows to whom the message was addressed, but may not contain the recipient's address. type: string - contextPath: Email.CC - description: Email 'cc' addresses + description: Email 'cc' addresses. type: string - contextPath: Email.From description: This displays who the message is from, however, this can be easily forged and can be the least reliable. type: string - contextPath: Email.Subject - description: Email subject + description: Email subject. type: string - contextPath: Email.HTML - description: Email 'html' body if exists + description: Email 'html' body if exists. type: string - contextPath: Email.Text - description: Email 'text' body if exists + description: Email 'text' body if exists. type: string - contextPath: Email.Depth - description: The depth of the email. Depth=0 for the first level email. If email1 contains email2 contains email3. Then email1 depth is 0, email2 depth is 1, email3 depth is 2 + description: The depth of the email. Depth=0 for the first level email. If email1 contains email2 contains email3. Then email1 depth is 0, email2 depth is 1, email3 depth is 2. type: number - contextPath: Email.Headers - description: Deprecated - use Email.HeadersMap output instead. The full email headers as a single string + description: Deprecated - use Email.HeadersMap output instead. The full email headers as a single string. type: string - contextPath: Email.HeadersMap - description: The full email headers json + description: The full email headers json. type: Unknown - contextPath: Email.HeadersMap.From description: This displays who the message is from, however, this can be easily forged and can be the least reliable. @@ -65,40 +65,40 @@ outputs: description: This shows to whom the message was addressed, but may not contain the recipient's address. type: Unknown - contextPath: Email.HeadersMap.Subject - description: Email subject + description: Email subject. type: String - contextPath: Email.HeadersMap.Date - description: The date and time the email message was composed + description: The date and time the email message was composed. type: Unknown - contextPath: Email.HeadersMap.CC - description: Email 'cc' addresses + description: Email 'cc' addresses. type: Unknown - contextPath: Email.HeadersMap.Reply-To - description: The email address for return mail + description: The email address for return mail. type: String - contextPath: Email.HeadersMap.Received - description: List of all the servers/computers through which the message traveled + description: List of all the servers/computers through which the message traveled. type: String - contextPath: Email.HeadersMap.Message-ID - description: A unique string assigned by the mail system when the message is first created. These can easily be forged. (e.g. 5c530c1b.1c69fb81.bd826.0eff@mx.google.com) + description: A unique string assigned by the mail system when the message is first created. These can easily be forged. (e.g. 5c530c1b.1c69fb81.bd826.0eff@mx.google.com). type: String - contextPath: Email.AttachmentsData.Name - description: The name of the attachment + description: The name of the attachment. type: String - contextPath: Email.AttachmentsData.Content-ID - description: The content-id of the attachment + description: The content-id of the attachment. type: String - contextPath: Email.AttachmentsData.Content-Disposition - description: The content-disposition of the attachment + description: The content-disposition of the attachment. type: String - contextPath: Email.AttachmentsData.FilePath - description: The location of the attachment, on the XSOAR server + description: The location of the attachment, on the XSOAR server. type: String - contextPath: Email.AttachmentNames - description: The list of attachment names in the email + description: The list of attachment names in the email. type: string - contextPath: Email.Format - description: The format of the email if available + description: The format of the email if available. type: string runas: DBotWeakRole script: '' @@ -113,4 +113,4 @@ type: python fromversion: 5.0.0 tests: - ParseEmailFilesV2-test -dockerimage: demisto/parse-emails:1.0.0.75644 +dockerimage: demisto/parse-emails:1.0.0.78248 diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index 7c54d0b8595d..48cecf3be554 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.12.34", + "currentVersion": "1.12.35", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",