Hello,
I’m new to StackStorm and currently in the “kicking the tires” phase. My primary use case is from a Security Operations perspective and using StackStorm to monitor a phishing inbox, pull down the attachment (.msg file), and extract fields within it to perform analysis.
I was wondering if anyone else is using StackStorm in a similar setup and if the email pack could truly pull down and extract a .msg file as well as any other attachments within the .msg file.
- Bob gets a phishing email and reports it to [email protected].
- [email protected] receives an email in the Inbox from Bob with a .msg attachment.
- StackStorm opens up the .msg file and sees that there is an attachment (.pdf) as well as some URLs in the body of the message.
- StackStorm pulls down the URLs and runs some Python scripts that perform URL lookups and security intelligence.
- StackStorm pulls the SHA256 hash of the attachment and performs similar hash lookups.
- StackStorm pulls the PDF file and uploads it to a sandbox for additional analysis.
- Depending on the outcome of the above actions, a ticket is opened up and/or an email sent to the reporter.
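The extraction step in the workflow above (open the reported message, find the attached original, pull URLs from its body and hash its attachments) is shown here as an added example; it is not code from the original post, the StackStorm email pack, or the StackStorm project. It assumes the reported message is available in RFC 822 (.eml) form, which the Python standard library `email` module parses natively, including a phish forwarded as a nested message/rfc822 attachment. An Outlook .msg file is an OLE compound document, so a pipeline that receives .msg attachments would first convert them with a third-party parser (for example the `extract_msg` package) before handing the body and attachment bytes to the same triage logic. The sample message, addresses and PDF bytes are constructed for the example.

```python
"""Triage of a reported phishing message: collect URLs from message bodies
and SHA-256 hashes of attachments, descending into attached messages.

Added example; assumes .eml-style input (the stdlib `email` module cannot
read Outlook .msg files directly). Sample data below is constructed.
"""
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Plain http(s) URLs; trailing sentence punctuation is trimmed afterwards.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed stand-in for the PDF the reported phish carried.
SAMPLE_PDF_BYTES = b"%PDF-1.4\n% constructed sample, not a real document\n"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256, the value a hash-reputation lookup would be keyed on."""
    return hashlib.sha256(data).hexdigest()


def build_sample_report() -> bytes:
    """Constructed sample: Bob forwards the phish as an attached message,
    the .eml equivalent of a .msg attachment on the report."""
    phish = EmailMessage()
    phish["From"] = "billing@example.net"
    phish["To"] = "bob@example.com"
    phish["Subject"] = "Invoice overdue"
    phish.set_content(
        "Your invoice is overdue. Pay at https://pay.example.net/invoice?id=42\n"
        "or verify your account: http://login.example.org/verify.\n"
    )
    phish.add_attachment(SAMPLE_PDF_BYTES, maintype="application",
                         subtype="pdf", filename="invoice.pdf")

    report = EmailMessage()
    report["From"] = "bob@example.com"
    report["To"] = "phishing@example.com"
    report["Subject"] = "FW: suspicious email"
    report.set_content("This looks fake, please check.")
    report.add_attachment(phish)  # serialised as a message/rfc822 part
    return report.as_bytes()


def triage(raw: bytes) -> dict:
    """Walk every MIME part (including nested message/rfc822 parts) and
    return the unique URLs seen in text bodies plus one record per
    attachment with its size and SHA-256."""
    msg = message_from_bytes(raw, policy=policy.default)
    urls, attachments = set(), []
    for part in msg.walk():
        if part.is_multipart():
            # multipart/* and message/rfc822 containers; walk() descends
            continue
        ctype = part.get_content_type()
        filename = part.get_filename()
        if ctype == "text/plain" and filename is None:
            for url in URL_RE.findall(part.get_content()):
                urls.add(url.rstrip(".,;:"))
        elif filename is not None or part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            attachments.append({
                "filename": filename,
                "content_type": ctype,
                "size": len(data),
                "sha256": sha256_hex(data),
            })
    return {"urls": sorted(urls), "attachments": attachments}


if __name__ == "__main__":
    result = triage(build_sample_report())
    for url in result["urls"]:
        print("URL:", url)
    for att in result["attachments"]:
        print("ATTACHMENT:", att["filename"], att["content_type"],
              att["size"], att["sha256"])
```

`triage()` returns plain dictionaries so that the downstream steps in the workflow (URL reputation lookups, hash lookups, sandbox submission, ticketing) can each consume the same record; only the body text is scanned for URLs, and attachment bytes are hashed without being opened.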