kbnmask
Member.
487 views

How to parsing mail body using SmartConnector

Hi everyone

Is there a way to parse the text part of the mail body with regular expressions using SmartConnector and send it to Arcsight?

Regards,

kbnmask

Tags (1)
0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: How to parsing mail body using SmartConnector

Email logs does not contain mail body content.

------------------------------------
Please use the Like button below, if you find this post useful or mark it as an accepted solution if it resolves your issue.
0 Likes
kbnmask
Member.

Re: How to parsing mail body using SmartConnector

Thank you for your reply.

However, instead of parsing the email body from the email log,
After connecting from the SmartConnector to the mail server by IMAP / POP,
I want to take in the mail file itself and want to parse it.

regards

kbnmask

0 Likes
martynbhp Super Contributor.
Super Contributor.

Re: How to parsing mail body using SmartConnector

Hi,

I think we need a little more information about what you are attempting to do. Obviously you wish to get information into ESM, but what type of information? Event data; User Data; Asset Data; Threat Data? 

Also where is it coming from BEFORE it is sent in an email? An HR system; an IT Service Management System; some other Application either in-house or COTS?

You might also like to visit the ArcSight Marketplace which has many off-the- shelf integration solutions:  https://marketplace.microfocus.com/arcsight

If in the end you have to parse the email message (and if you connect with POP3 or IMAP you will get only messages NOT the complete file), you will have to write, or find an experienced content writer to write a flex connector to parse the message body.

Regards,

M

0 Likes
Respected Contributor.. sharan Bhat Respected Contributor..
Respected Contributor..

Re: How to parsing mail body using SmartConnector

Hello,

If you are using Office365. You can dump the contents of the mail to a one-drive excel file using flows.

Using powershell download them to your local directory and use a filereader flex to parse them. The body of the mail would be in a XML format.  The solution is farfetched though!

 

regards

Sharan Bhat

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.