The Email Action sends emails to recipients specified in the Action options.
Use the Email Action to notify individuals of important occurrences using data from upstream Events. For example: alert team members of malicious behaviour detected in firewall logs; notify engineers of the results of a vulnerability scan; notify employees of suspicious activity related to their accounts.
Features
- Send emails on receipt of events.
- Send emails in text or HTML format.
- Customize
body
andsubject
of email using the Action options. - Emails will be sent from support@tines.io.
- Use the prompt widget to automate recipient responses.
- As well as sending the email to recipients, an Event containing send status will be emitted by the action.
Configuration Options
recipients
: The email address (or an array of email addresses) to which the email should be sent.reply_to
: (Optional) An email address to which any replies to the email should be sent.cc
: (Optional) An email address (or an array of email addresses) that should be CC'ed on the email.bcc
: (Optional) An email address (or an array of email addresses) that should be BCC'ed on the email.subject
: A subject for the email. Include information from upstream events by by inserting value pills.body
: (Optional) Customize the body of the email. Include information from upstream events by inserting value pills. The body can contain simple HTML and will be sanitized. When usingbody
, it will be wrapped with<html>
and<body>
tags, so these do not need to be added.content_type
: (Optional) Provide a content type for the email by specifyingtext/plain
ortext/html
. If you do not specifycontent_type
, then the recipient email server will determine the correct rendering.attachments
: (Optional) Send one or more attachments as part of the email. For each file, specifyfilename
, its contents encoded in base64base64encodedcontents
andcontent_type
, in an object. Thecontent_type
is "auto" by default and automatically infers the content-type of the file.
Emitted Events
Events emitted by the Email action look similar to the below:
{
"status": "Sent email to alice@example.com with Event 1010"
}
Example Configuration Options
Send a simple email to one recipient:
{
"recipients": "alice@example.com",
"subject": "Example email from Tines",
"body": "A real email body could go here"
}
Send a simple email to one recipient and specify that replies should be sent to a specific address:
{
"recipients": "alice@example.com",
"reply_to": "bob@example.com",
"subject": "Example email from Tines",
"body": "A real email body could go here"
}
Send an HTML email to multiple recipients including Event data from an upstream Action:
{
"recipients": ["alice@example.com", "bob@example.com"],
"subject": "Vulnerability scan completed",
"body": "The scan has completed. <br /><br /><b>Hosts scanned:</b> {{.host_count}}<br /><b>Vulnerabilities detected: </b> {{vulnerability_count}}",
"content_type": "text/html"
}
Send an HTML email with a prompt in the body, and including data from an upstream Action:
{
"recipients": ["alice@example.com", "bob@example.com"],
"subject": "Action Required on your account.",
"body": "Hi Alice,<br /><br />We detected an unusual sign-in on your account:<br /><b>Time: </b>{{.get_alert.timestamp}}<br /><b>IP Address: </b>{{.get_alert.ip}}<br /><b>Browser: </b>{{.get_alert.browser}}<br /><br />If you recognize this activity, there is no action required. If you do not recognize this activity, click <a href='{% prompt compromised %}'>here</a>.<br /><br />Thank you.",
"content_type": "text/html"
}
Send an attachment as part of an email:
{
"recipients": "thomas@tines.xyz",
"subject": "See Attached",
"body": "See attached the file I mentioned",
"attachments": [
{
"filename": "{{.download_file.body.filename}}",
"base64encodedcontents": "{{.download_file.body.base64encodedcontents}}"
}
]
}