| Action |
Action taken on the entity |
String |
| ActionResult |
Result of the action |
String |
| ActionTrigger |
Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or Dynamic Delivery |
String |
| ActionType |
Type of activity that triggered the event |
String |
| DeliveryLocation |
Location where the email was delivered: Inbox/Folder, On-premises/External, Junk, Quarantine, Failed, Dropped, Deleted items |
String |
| DetectionMethods |
Methods used to detect malware, phishing, or other threats found in the email |
String |
| EmailDirection |
Direction of the email relative to your network: Inbound, Outbound, Intra-org |
String |
| InternetMessageId |
Public-facing identifier for the email that is set by the sending email system |
String |
| NetworkMessageId |
Unique identifier for the email, generated by Microsoft 365 |
String |
| RecipientEmailAddress |
Email address of the recipient, or email address of the recipient after distribution list expansion |
String |
| ReportId |
Unique identifier for the event |
String |
| SenderFromAddress |
Sender email address in the FROM header, which is visible to email recipients on their email clients |
String |
| SourceSystem |
|
String |
| TenantId |
|
String |
| ThreatTypes |
Verdict from the email filtering stack on whether the email contains malware, phishing, or other threats |
String |
| TimeGenerated |
|
DateTime |
| Timestamp |
Date and time when the record was generated |
DateTime |
| Type |
|
String |