Skip to main content

Email

The Email Action sends emails to recipients specified in the Action options.

Use the Email Action to notify individuals of important occurrences using data from upstream Events. For example: alert team members of malicious behaviour detected in firewall logs; notify engineers of the results of a vulnerability scan; notify employees of suspicious activity related to their accounts.

Features

  • Send emails on receipt of events.
  • Send emails in text or HTML format.
  • Customize body and subject of email using the Action options.
  • Emails will be sent from support@tines.io.
  • Use the prompt widget to automate recipient responses.
  • As well as sending the email to recipients, an Event containing send status will be emitted by the action.

Configuration Options

  • recipients: Include an email address (or an array of email addresses) to whom the email should be sent.
  • cc: (Optional) Include an email address (or an array of email addresses) that should be CC'ed on the email.
  • bcc: (Optional) Include an email address (or an array of email addresses) that should be BCC'ed on the email.
  • subject: Include a subject for the email. Include information from upstream events by specifying the key.
  • body: (Optional) Customize the body of the email. Include information from upstream events by specifying a wrapped JSONPath (examples below). The body can contain simple HTML and will be sanitized. When using body, it will be wrapped with <html> and <body> tags, so these do not need to be added.
  • content_type: (Optional) Provide a content type for the email by specifying text/plain or text/html. If you do not specify content_type, then the recipient email server will determine the correct rendering.
  • attachments: (Optional) Send one or more attachments as part of the email. Specify filename and its contents encoded in base64 base64encodedcontents in an object, per file.

Emitted Events

Events emitted by the Email action look similar to the below:

{
  "status": "Sent email to alice@example.com with Event 1010"
}

Example Configuration Options

Send a simple email to one recipient:

{
  "recipients": "alice@example.com",
  "subject": "Example email from Tines",
  "body": "A real email body could go here"
}

Send an HTML email to multiple recipients including Event data from an upstream Action:

{
  "recipients": ["alice@example.com", "bob@example.com"],
  "subject": "Vulnerability scan completed",
  "body": "The scan has completed. <br /><br /><b>Hosts scanned:</b> {{.host_count}}<br /><b>Vulnerabilities detected: </b> {{vulnerability_count}}",
  "content_type": "text/html"
}

Send an HTML email with a prompt in the body, and including data from an upstream Action:

{
  "recipients": ["alice@example.com", "bob@example.com"],
  "subject": "Action Required on your account.",
  "body": "Hi Alice,<br /><br />We detected an unusual sign-in on your account:<br /><b>Time: </b>{{.get_alert.timestamp}}<br /><b>IP Address: </b>{{.get_alert.ip}}<br /><b>Browser: </b>{{.get_alert.browser}}<br /><br />If you recognize this activity, there is no action required. If you do not recognize this activity, click <a href='{% prompt compromised %}'>here</a>.<br /><br />Thank you.",
  "content_type": "text/html"
}

Send an attachment as part of an email:

{
  "recipients": "thomas@tines.xyz",
  "subject": "See Attached",
  "body": "See attached the file I mentioned",
  "attachments": [
    {
      "filename": "{{.download_file.body.filename}}",
      "base64encodedcontents": "{{.download_file.body.base64encodedcontents}}"
    }
  ]
}