sublimeRule
Attachment: Any EML file
Matches any inbound message that carries an EML attachment. This rule can be combined with a webhook action for further analysis of attached EML files, e.g. via the analysis API.
Detection Query
type.inbound
and any(attachments, .file_extension =~ 'eml')
Author
und3rf10w
Data Sources
Email Messages, Email Headers, Email Attachments
Platforms
email
Raw Content
name: "Attachment: Any EML file"
description: |
  Any EML attachment. This rule can be combined with a webhook action for further analysis
  of attached EML files, eg via the analysis API.
type: "rule"
authors:
  - twitter: "und3rf10w"
source: |
  type.inbound
  and any(attachments, .file_extension =~ 'eml')
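
The attachment check above, reproduced offline with Python's standard library as an added example (not part of the rule or of Sublime's own code). It also parses each matching attachment so the nested message's headers are available for the kind of follow-up analysis the description mentions. The function names `eml_attachments` and `build_sample` and the sample message are constructed for illustration, and `=~` is treated as a case-insensitive comparison.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage


def eml_attachments(raw: bytes) -> list[dict]:
    """List attachments whose extension is 'eml' and summarise the nested message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lstrip(".")
        if ext.lower() != "eml":  # case-insensitive, like the rule's =~ 'eml'
            continue
        content = part.get_content()
        if isinstance(content, str):  # text/* part that is named *.eml
            content = content.encode("utf-8", "replace")
        if isinstance(content, bytes):  # opaque part: parse it as a message
            content = message_from_bytes(content, policy=policy.default)
        hits.append({
            "filename": name,
            "inner_from": str(content.get("From", "")),
            "inner_subject": str(content.get("Subject", "")),
        })
    return hits


def build_sample() -> bytes:
    """Constructed test message: two EML attachments and one PDF."""
    inner = EmailMessage()
    inner["From"] = "sender@example.test"
    inner["Subject"] = "Inner message"
    inner.set_content("inner body")
    outer = EmailMessage()
    outer["From"] = "forwarder@example.test"
    outer["Subject"] = "Fwd: see attached"
    outer.set_content("see attached")
    outer.add_attachment(bytes(inner), maintype="application",
                         subtype="octet-stream", filename="Original.EML")
    outer.add_attachment(inner, filename="forwarded.eml")  # message/rfc822
    outer.add_attachment(b"%PDF-constructed", maintype="application",
                         subtype="pdf", filename="report.pdf")
    return bytes(outer)


if __name__ == "__main__":
    for hit in eml_attachments(build_sample()):
        print(hit)
```

The match is on the filename extension only, as in the rule, so a `message/rfc822` part without an `.eml` filename is not reported.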