Use of Business Rules & E-Mail Command

I've been asked about using business rules to automatically assign tickets to groups. I've done a few basic ones and they work great. I have one now that I think might be able to be done using EMAIL COMMAND parsing .. well .. if that does what I think it does.

We have a logon GPO that runs a detection script looking for "fingerprints" of several Crypto Locker type infections. When it finds one it sends an email to SDP with a canned subject line .. so I can key off that .. the part I'm looking for is the host name and user, which are contained in the description of the email. So I'm hoping to use that info to further assign tickets.

Sample desc:

Found the following on TXR-PC27 where current user is psmith:
HKEY_CURRENT_USER\Software\_crypto_notify_test_please_ignore_


The TXR-PC27 is host and the TXR would ID the site for me.

Is there any detailed info on the use of the E-MAIL command that anyone can point me at?
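
An added example (not part of the original post, and not ServiceDesk Plus functionality): a stand-alone Python parser for the alert description format shown in the sample above, which accepts only a strictly matching first line and derives the site code from the host name, so that anything else falls through to manual triage. The `SITE_GROUPS` mapping, `DEFAULT_GROUP` and the group names are hypothetical placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# First line of the alert body, as in the sample description on this page.
# Host is limited to 1-15 characters (NetBIOS computer name length).
HEADER_RE = re.compile(
    r"^Found the following on (?P<host>[A-Za-z0-9][A-Za-z0-9-]{0,14}) "
    r"where current user is (?P<user>[^\s:]+):$"
)

# Hypothetical site-prefix to support-group map; replace with real values.
SITE_GROUPS = {"TXR": "Site TXR Support"}
DEFAULT_GROUP = "Security Triage"  # hypothetical fallback group

# The sample description from the post, with mail-style CRLF line endings.
SAMPLE = (
    "Found the following on TXR-PC27 where current user is psmith:\r\n"
    "HKEY_CURRENT_USER\\Software\\_crypto_notify_test_please_ignore_\r\n"
)

@dataclass
class Alert:
    host: str
    user: str
    site: Optional[str]
    group: str
    indicators: List[str] = field(default_factory=list)

def parse_alert(description: str) -> Optional[Alert]:
    """Parse an alert body; return None when the first line does not match."""
    lines = [ln.strip() for ln in description.splitlines() if ln.strip()]
    if not lines:
        return None
    m = HEADER_RE.match(lines[0])
    if m is None:
        return None  # unexpected format: leave the ticket for manual triage
    host = m.group("host").upper()
    # Site code is the part before the first hyphen, e.g. TXR in TXR-PC27.
    site = host.split("-", 1)[0] if "-" in host else None
    group = SITE_GROUPS.get(site, DEFAULT_GROUP)
    # Every remaining non-empty line is kept verbatim as a reported fingerprint.
    return Alert(host, m.group("user"), site, group, lines[1:])

if __name__ == "__main__":
    print(parse_alert(SAMPLE))
```
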