Read Delivered Malicious Messages

Fetch events for messages delivered in the specified time period which contained a known threat.

The events returned for a specified range are based on the time that the event was created, not the time that the event occurred. The time that an event is created is the later of the following:

  • The time that the message was sent
  • The time that the threat referenced by the message was recognized by Proofpoint

The input fields in this card are dynamically generated based on your instance.

Options

Field Definition Type Required
Range Type Choose from available ranges; options are Interval, Since Time, or Since Seconds Ago. Dropdown TRUE

Input

Field Definition Type Required
timeRange
Interval Time interval to query in ISO 8601 format. The minimum interval allowed is 30 seconds and the maximum interval is 1 hour. Date & Time TRUE
Since Time Start time of query in ISO 8601 format. The end of the period is the current API server time rounded to the nearest minute. Date & Time TRUE
Since Seconds Ago Set start time of query to this many seconds before the current API server time (rounded to the nearest minute). Number TRUE

Output

Field Definition Type
Query End Time Time the period being queried ended. Date & Time
Messages
Spam Score Message's spam score. Number
Phish Score Message's phish score. Number
Impostor Score Message's imposter score. Number
Malware Score Message's malware score. Number
Threats Info Map Array of structures containing details of threats found in the message. array
Sender Email address of sender; user-part is hashed and domain-part in plaintext. String
Recipient Email addresses of the recipients. String
Sender IP IP address of sender. String
Message ID Non-unique Message-ID extracted from headers of the email message. String
Message Time Time when message was delivered to user or quarantined. Date & Time
Message Size Size of message in bytes. Number
ID UUID of the event. String
QID Queue ID of the message in PPS. String
GUID Unique ID of message in PPS. String
From Address Email address extracted from the From: header of the message, excluding friendly name. String
cc Addresses List of email addresses from the CC: header, excluding friendly names. String
Reply To Addresses Email address from the Reply-To: header, excluding friendly name. String
To Addresses List of email addresses from the To: header, excluding friendly names. String
Header From Full From: header, including any friendly name. String
Header Reply To Full Reply-To: header (if present), including friendly name. String
Completely Rewritten Rewrite status of message. String
Cluster Name of the PPS cluster that processed the message. String
Subject Subject line of the message. String
Quarantine Folder Name of folder that contains the quarantined message. String
Quarantine Rule Name of rule that quarantined the message. String

Related topics

Proofpoint connector

Workflow elements

Proofpoint API documentation