Email integration with Resilient is a great way of integrating, but it has to be easier to configure, more flexible when changing its behavior, and less demanding on resources.
So, instead of configuring the one mail parser script to consume your emails from one mailbox and create incidents, we could just have a web UI "button" that runs through a wizard to configure templates and then allows incident creation based on those templates (they could be predefined for SIEM, firewalls, ticketing systems, etc., and/or custom templates), just like the template that we use with the QRadar app for Resilient automatic escalation.
The advantages here:
Firstly, it will be easier for users who do not have the coding skills to create custom mail parser scripts, and it will not be restricted to just one template, as we could have many templates, and it will be much easier to edit or change the incident field mapping based on the mail content of your security controls or your users.
Secondly, it will be great if we could allow incident escalation from multiple mailboxes to more than one organization (in the current model of email integration I had to set up two or more IRHub servers to allow monitoring two or more mailboxes and escalate incidents to different organizations on Resilient, and that required a Linux server for every IRHub).
On the other hand, it will be nice if we can make a plugin for mail servers (Outlook, for example) to send email to Resilient like the OOTB SIEM apps, based on templates (manually or automatically).
In addition, for the outbound and bi-directional integration, it will be good if we can do the same and use a web UI wizard instead of creating the mail HTML template yourself to send emails from within the incident.
Lastly, it will be good if it is possible to automate the identification of incidents, to allow updating incidents or creating new ones, and to integrate bidirectionally and smoothly without needing to create a unique identifier yourself.