Fetch Submitted Emails

Updated 1 week ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command fetches all emails from the Phishing Vetting Indicators Enclave that fit the criteria specified in the command.

This command is only available if you have the Phishing Triage feature enabled in TruSTAR

Format

trustar-get-phishing-submissions

Example

!trustar-get-phishing-submissions from_time="Last 7 days"

Inputs

Argument

Description

Required

priority_event_score

Priority event score of the email submission. Only emails with the specified scores will be returned.

Legal values are -1, 0, 1, 2, 3. You can specify multiple values by separating the values with commas. The default is to return items with any legal value.

No

from_time

Start of time window. Legal formats are

  • ISO 8601 (YYYY-MM-DD HH:MM:SS
  • Relative time LAST <##> <time period> where an example is LAST 1 MONTH

Default is the last 24 hours.

No

to_time

End of time window. Legal formats are

  • ISO 8601 (YYYY-MM-DD HH:MM:SS
  • Relative time LAST <##> <time period> where an example is LAST 1 MONTH

Default is the current time.

No

status

Email submissions that match the specified status.

Legal values are UNRESOLVED, CONFIRMED, and IGNORED. You can specify more than one value by separating the values using commas. The default is to return emails with any legal value.

No

Output

A list of all Intel Reports in the Phishing Vetted Indicators Enclave that match the command arguments.

If no arguments are specified, the command returns up to 1000 of the most recent Intel Reports in that enclave.


How Did We Do?