The Email Action sends emails to recipients specified in the Action options.
Use the Email Action to notify individuals of important occurrences using data from upstream Events. For example: alert team members of malicious behaviour detected in firewall logs; notify engineers of the results of a vulnerability scan; notify employees of suspicious activity related to their accounts.
Features
- Send emails on receipt of events.
- Send emails in text or HTML format.
- Customize
bodyandsubjectof email using the Action options. - Emails will be sent from support@tines.io.
- Use the prompt widget to automate recipient responses.
- As well as sending the email to recipients, an Event containing send status will be emitted by the action.
Configuration Options
recipients: The email address (or an array of email addresses) to which the email should be sent.reply_to: (Optional) An email address to which any replies to the email should be sent.cc: (Optional) An email address (or an array of email addresses) that should be CC'ed on the email.bcc: (Optional) An email address (or an array of email addresses) that should be BCC'ed on the email.subject: A subject for the email. Include information from upstream events by by inserting value pills.body: (Optional) Customize the body of the email. Include information from upstream events by inserting value pills. The body can contain simple HTML and will be sanitized. When usingbody, it will be wrapped with<html>and<body>tags, so these do not need to be added.content_type: (Optional) Provide a content type for the email by specifyingtext/plainortext/html. If you do not specifycontent_type, then the recipient email server will determine the correct rendering.attachments: (Optional) Send one or more attachments as part of the email. For each file, specifyfilename, its contents encoded in base64base64encodedcontentsandcontent_type, in an object. Thecontent_typeis "auto" by default and automatically infers the content-type of the file.
Emitted Events
Events emitted by the Email action look similar to the below:
{
"status": "Sent email to alice@example.com with Event 1010"
}
Example Configuration Options
Send a simple email to one recipient:
{
"recipients": "alice@example.com",
"subject": "Example email from Tines",
"body": "A real email body could go here"
}
Send a simple email to one recipient and specify that replies should be sent to a specific address:
{
"recipients": "alice@example.com",
"reply_to": "bob@example.com",
"subject": "Example email from Tines",
"body": "A real email body could go here"
}
Send an HTML email to multiple recipients including Event data from an upstream Action:
{
"recipients": ["alice@example.com", "bob@example.com"],
"subject": "Vulnerability scan completed",
"body": "The scan has completed. <br /><br /><b>Hosts scanned:</b> {{.host_count}}<br /><b>Vulnerabilities detected: </b> {{vulnerability_count}}",
"content_type": "text/html"
}
Send an HTML email with a prompt in the body, and including data from an upstream Action:
{
"recipients": ["alice@example.com", "bob@example.com"],
"subject": "Action Required on your account.",
"body": "Hi Alice,<br /><br />We detected an unusual sign-in on your account:<br /><b>Time: </b>{{.get_alert.timestamp}}<br /><b>IP Address: </b>{{.get_alert.ip}}<br /><b>Browser: </b>{{.get_alert.browser}}<br /><br />If you recognize this activity, there is no action required. If you do not recognize this activity, click <a href='{% prompt compromised %}'>here</a>.<br /><br />Thank you.",
"content_type": "text/html"
}
Send an attachment as part of an email:
{
"recipients": "thomas@tines.xyz",
"subject": "See Attached",
"body": "See attached the file I mentioned",
"attachments": [
{
"filename": "{{.download_file.body.filename}}",
"base64encodedcontents": "{{.download_file.body.base64encodedcontents}}"
}
]
}