All Apps and Add-ons

How to configure the IMAP Mailbox app to download mail attachments of an email?

ctaf
Contributor

Hello,

Does anyone know how to modify the IMAP Mailbox App so that it downloads the attachment of an email and not only the subject/body?
I have some emails that contains text files (CSV for example) and I would like to index them as well.

I checked this old post: https://answers.splunk.com/answers/222827/does-imap-mailbox-support-indexing-of-attachments.html
But it didn't help.

Maybe someone has an idea?

Thanks

1 Solution

jkat54
SplunkTrust
SplunkTrust

It can be done, but it's not built in functionality of the imap app. Here's what I suggest / my idea:

 1. Find a python developer.
 2. Give them the get_imap_email.py file from the imap mailboxapps bin folder
 3. ask them to implement a function that retrieves the attachments, short cut here:
 http://stackoverflow.com/questions/6225763/downloading-multiple-attachments-using-imaplib
 4. tell them to put the attachments into /path/to/your/imap/app/folder/(tmp folder you create)
 5. Setup inputs.conf in imap app to look for .csv files in that folder and index them accordingly

Note that images such as logos, facebook icons, and many many other things are "attachments" in email land. They will come in as binary files and will fill your temporary directory. You should ask the python developer to make it so it will only download csv files, or delete all but csv files in the temp folder once downloaded, etc.

 6. Last but not least, pay the developer well for his/her time.

View solution in original post

jkat54
SplunkTrust
SplunkTrust

It can be done, but it's not built in functionality of the imap app. Here's what I suggest / my idea:

 1. Find a python developer.
 2. Give them the get_imap_email.py file from the imap mailboxapps bin folder
 3. ask them to implement a function that retrieves the attachments, short cut here:
 http://stackoverflow.com/questions/6225763/downloading-multiple-attachments-using-imaplib
 4. tell them to put the attachments into /path/to/your/imap/app/folder/(tmp folder you create)
 5. Setup inputs.conf in imap app to look for .csv files in that folder and index them accordingly

Note that images such as logos, facebook icons, and many many other things are "attachments" in email land. They will come in as binary files and will fill your temporary directory. You should ask the python developer to make it so it will only download csv files, or delete all but csv files in the temp folder once downloaded, etc.

 6. Last but not least, pay the developer well for his/her time.

ctaf
Contributor

Hmm Thank you I had this idea but I was thinking that maybe someone had already coded this feature.

0 Karma

arrowecssupport
Communicator

Did you get anywhere with this?

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...