How to retrieve URLs from the email body by using Logic Apps?

George OCAK 70 Reputation points
2023-02-26T03:04:39.74+00:00

Hi all, we have a separate mailbox for suspicious emails. Our users send emails to the mailbox, and our goal is to analyze emails automatically using Logic Apps. Suspicious emails come within user reports as an attachment. I tried to use regex but could not find any action. Could you please give me any recommendations for opening the attachments from the user report and retrieving the URLs if there are any in the email body? Thanks

Azure Logic Apps

2 answers

  1. Vinodh247 28,386 Reputation points MVP
    2023-02-26T12:06:10.1266667+00:00

    Hi

    Thanks for reaching out to Microsoft Q&A.

    Did you test these two solutions for your requirement, or are you looking for any other ideas? Let me know.

    https://stackoverflow.com/questions/62570431/extract-the-body-of-email-using-logic-apps

    https://stackoverflow.com/questions/64221261/retrieve-mail-attachments-in-logicapp-for-azure-function-call

    Please Upvote and Accept as answer if the reply was helpful, this will be helpful to other community members.


  2. David Broggy 6,101 Reputation points MVP
    2023-02-26T22:49:17.54+00:00

    Hi George,

    If I may add another suggestion, I'd recommend you feed your mail logs into Microsoft Sentinel.

    The logs should get cleanly parsed and THEN you can use KQL to query the extracted URLs.

    Note that Logic Apps also support KQL queries, so directly in your logic app you can query your logs.

    So my plan of attack would be:

    1. Use the data connectors in Sentinel to pull in your logs.

    2. Using the log viewer in Sentinel, run KQL queries to experiment with the type of matches you're interested in.

    3. Create a logic app and use the Log Analytics workspace function to use the same KQL as you did in Sentinel to match your malicious emails.

    Hope that helps.
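
For the case in the question, where the suspicious mail arrives as an attachment on a user report, the following is an added example (not code from any of the posts above) of the parsing step a Logic App could hand to a function: it opens the attached message and returns only the URLs found in that message's bodies, ignoring the report wrapper. The function names and the sample report are constructed for illustration; only Python's standard `email` and `html.parser` modules are used.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

class LinkCollector(HTMLParser):  # http(s) links from href attributes and visible text
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k == "href" and v and URL_RE.match(v)]
    def handle_data(self, data):
        self.urls += URL_RE.findall(data)

def urls_in_message(msg):
    """URLs from every text/plain and text/html part of one message."""
    found = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            found += URL_RE.findall(part.get_content())
        elif ctype == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            found += collector.urls
    return [u.rstrip(".,;:!?") for u in found]  # drop sentence punctuation

def extract_reported_urls(raw_report):
    """Parse a user report; return URLs found only in the attached email(s)."""
    report = message_from_bytes(raw_report, policy=policy.default)
    found = []
    for att in report.iter_attachments():
        name = (att.get_filename() or "").lower()
        if att.get_content_type() == "message/rfc822":
            found += urls_in_message(att.get_content())  # already a parsed message
        elif att.get_content_type() == "application/octet-stream" and name.endswith(".eml"):
            inner = message_from_bytes(att.get_content(), policy=policy.default)
            found += urls_in_message(inner)
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order

def build_sample_report():
    # Constructed sample: a report wrapper with the suspicious mail attached.
    inner = EmailMessage()
    inner.set_content("Pay now: http://pay.phish.example/invoice?id=1.")
    inner.add_alternative('<a href="https://login.phish.example/a">Portal</a>', subtype="html")
    report = EmailMessage()
    report.set_content("User report, see https://helpdesk.corp.example/ticket")
    report.add_attachment(inner)
    return report.as_bytes()
```

The link in the report wrapper's own body is deliberately excluded, so only URLs from the reported message reach later analysis steps.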

