- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
mail parser and comments (name field)
hello ,
we're currently testing a modified mail packet parser provided by the content team.
It processes the comments part of the email addresses from the email fields.
Specifically, for any fields tagging email.src/dst [mail options] it will tag the comment (quite often the sender's alleged name) into fullname.src and fullname.dst .
i.e. To: "Alice Jones" <ajones@example.com>, Bob <bsmith@example.com>, charles@example.com <--- This header has three targets. The first two targets contain a comment. and will get tagged into fullname.dst]
should feel this a feature worth keeping in the parser (e.g. for phishing email detection), please contact your account manager or support for an RFE to incorporate it into the parser officially (or perhaps to if you wish to test it as well) .
- Tags:
- Community Thread
- Discussion
- Forum Thread
- mail parser
- NetWitness
- NW
- NWP
- Packet Decoder
- RSA NetWitness
- RSA NetWitness Platform
