Fetch a list of messages in the users organization and its child organizations.
External DocumentationTo learn more, visit the Cisco Advanced Phishing Protection documentation.

Parameters

ParameterDescription
Advanced SearchSearch using the advanced search syntax.
End DateThe latest date time a search should target. Current date as default.
LimitThe amount of records to be returned.
OffsetThe offset of the returned records.
Start DateThe earliest date time a search should target. Current date as default.

Example Output

[
	{
		"authenticity": 0,
		"date": "2024-01-29T20:55:39.492Z",
		"domain_reputation": 0,
		"from": "user@example.com",
		"from_domain": "example.com",
		"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
		"mail_from": "user@example.com",
		"message_id": "string",
		"message_trust_score": 0,
		"reply_to": "user@example.com",
		"sbrs": "string",
		"uris": [
			"string"
		],
		"subject": "string",
		"timestamp_ms": 0,
		"to": "string",
		"attachment_extensions": [
			"string"
		],
		"attachment_filenames": [
			"string"
		],
		"attachment_sha256": [
			"string"
		],
		"attachment_types": [
			"string"
		],
		"attack_types": [
			"string"
		],
		"dkim_result": "string",
		"dmarc_result": "string",
		"domain_dmarc_policy": "string",
		"domain_tags": [
			"string"
		],
		"enforcement_action": "string",
		"enforcement_folder": "string",
		"enforcement_result": "string",
		"expanded_from": "user@example.com",
		"forwarded_from": "user@example.com",
		"has_attachment": true,
		"has_malicious_attachment": true,
		"ip": "string",
		"message_details_link": "string",
		"org_domain": "example.com",
		"policy_ids": [
			0
		],
		"ptr_name": "string",
		"message_read_status": true,
		"sender_approval_state": "string",
		"sender_type": "string",
		"spf_result": "string"
	}
]

Workflow Library Example

List Messages with Cisco Advanced Phishing Protection and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop