Please forgive me we are new to using Connect … We are having problems with the email not being pulled in from O365 when the original email has an attachment. Everything else seems to be working. We have a trigger for new emails to a security mailbox. If there is no attachment it send the user an email asing them to submit the email in a certain way. It works when a user sends an email to the mailbox with the original email attached or uses the report button in outlook. The workflow then processes the email by parsing out the urls and running them through virustotal. But, if the original has an attachment it does nothing. Any thoughts or direction?
Are you flattening the email when you bring it in?
Then you can loop through them using
Yes we are flattening them. The emails (if the original has an attachment) never get into connect. The ones without an attachment in the original email flow through perfectly.
can you confirm that you are using rapid7/microsoft_office365_email:4.1.7 and your App Registration contains these permissions?
I am using this plugin with these permissions and the Report Phish button from outlook that attaches the original email as an attachment so we get the full headers from it and it works fine. I don’t see any other settings that could affect this other than filter on the subject?
Do you see anything in the docker container log that could shed any light?
I believe the permissions are set that way but I will have to verify with the systems team I will post that shortly either way
I found it … although I had updated the plugin I did not go back and update the workflow after to use the new plugin. Thank you for helping me see that.