The Intelligence Mailbox Reports Connector for ThreatQ enables analysts to use an email inbox for spearphish submissions as well as intelligence sharing. The email itself will be added as a File in ThreatQ, with its articles added as related Reports and all IoCs or other attachments found in the email related correspondingly

    This integration is based on the IMAP Connector for ThreatQ integration with the following updated processes:

• Modifies to upload a report (with corresponding attributes) to TQ for each article in the
•     email instead of one event for the whole email.
•     Adds TLP as attributes.
•     Adds the entire email as a related Attachment.
•     Relates IoCs in articles to article Reports.
•     Removes forwarded email spearphish functionality