Get Original Email - Generic v2
This v2 playbook is used inside the phishing flow. The inputs in this version do not use labels and also allow the user to supply an email brand. Note: You must have the necessary permissions in your email service to execute a global search. To retrieve the email files directly from the email service providers, use one of the provided inputs (Agari Phishing Defense customers should also use the following): - EWS: eDiscovery - Gmail: Google Apps Domain-Wide Delegation of Authority - MSGraph: As described in the [message-get API](https://docs.microsoft.com/en-us/graph/api/message-get) and the [user-list-messages API](https://docs.microsoft.com/en-us/graph/api/user-list-messages) - EmailSecurityGateway retrieves EML files from: * FireEye EX * FireEye CM * Proofpoint Protection Server * Mimecast
Phishing · 8 tasks · 3 inputs · 12 outputs
Inputs
MessageID— The original email message ID to retrieve. This should hold the value of the "Message-ID" header of the original email.UserID— The email address of the user to fetch the original email for. For Gmail, the authenticated user.EmailBrand— If this value is provided, only the relevant playbook runs. If no value is provided, all sub-playbooks are run. Possible values: - Gmail - EWS v2 - EWSO365 - MicrosoftGraphMail - EmailSecurityGateway Choosing EmailSecurityGateway executes the following if enabled: - FireEye EX (Email Security) - Proofpoint TAP - Mimecast
Outputs
Email— The email object.File— The original email attachments.Email.To— The email recipient.Email.From— The email sender.Email.CC— The CC address of the email.Email.BCC— The BCC address of the email.Email.HTML— The email HTML.Email.Body— The email text body.Email.Headers— The email headers.Email.Subject— The email subject.Email.HeadersMap— The email headers map.reportedemailentryid— If the original EML was retrieved, this field holds the file's Entry ID.