forked from demisto/content
-
Notifications
You must be signed in to change notification settings - Fork 13
/
PreprocessEmail.yml
44 lines (44 loc) · 1.37 KB
/
PreprocessEmail.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
args:
- defaultValue: ${incident.attachment}
description: Attachments
isArray: true
name: attachments
- description: Files
name: files
- name: CreateIncidentUntaggedEmail
description: Allow the creation of an email for which we can't find an existing incident.
defaultValue: 'true'
- name: reputation_calc_async
auto: PREDEFINED
predefined:
- 'true'
- 'false'
description: Specify whether to calculate the reputation in an asynchronous way.
defaultValue: 'false'
comment: |-
Preprocessing script for email communication layout.
This script checks if the incoming email contains an Incident ID to link the mail to an existing incident, and tags the email as "email-thread".
This script runs with elevated permissions.
Cortex XSOAR recommends using the built-in RBAC functionality to limit access to only those users requiring access to this script.
For more information about the preprocessing rules, refer to: https://demisto.developers.paloaltonetworks.com/docs/incidents/incident-pre-processing
commonfields:
id: PreprocessEmail
version: -1
enabled: true
name: PreprocessEmail
script: ''
subtype: python3
system: true
tags:
- email
- preProcessing
type: python
dockerimage: demisto/python3:3.10.12.68300
runas: DBotRole
tests:
- No tests (auto formatted)
fromversion: 5.0.0
contentitemexportablefields:
contentitemfields:
fromServerVersion: ''
scripttarget: 0