Skip to main content

Smart Search

Trace and query all messages.

Basic Parameters

ParameterDescription
RecipientThe E-mail address of the recipient of the message.
SenderThe E-mail address of the sender of the message.
SubjectThe subject of the message.

Advanced Parameters

ParameterDescription
AttachmentsA comma-separated list of the attachment of the message.
CountThe amount of messages returned in the call.
End TimeThe ending time of the query window.
GUIDThe GUID of the message.
HostThe host or IP address of the sent message.
Message ActionThe final disposition action of the message.
Message IDThe header ID of the message(corresponds to the Message ID field in the UI).
Queue IDThe ID of the message queue.
SIDThe SID of the message.
Start TimeThe starting time of the query window.
VirusesA comma-separated list of the viruses detected in the message.

Example Output

{
"Proofpoint": {
"SmartSearch": [
{
"Agent": "example.com",
"Attachment_Names": "",
"Date": "2020-05-20 14:13:02 [UTC-0600]",
"Disposition_Action": "",
"Disposition_SmtpProfile": "",
"Duration": "0.124094999905240",
"FID": "8lLtu31xs8H24NF8McYw-S6EidtLK-y_",
"FQIN": "example.com-10000_instance1",
"Final_Action": "accept",
"Final_Rule": "access.system",
"GUID": "9rLtu31xs8H24NF8KcRw-S6EihtLK-y_",
"Message_Encrypted": "",
"Message_ID": "<551609250613.u8P6D1l3019878@user.example.com>",
"Message_Size": "1142",
"Message_Split": "",
"Module_ID": "access",
"PE_Recipients": "",
"Policy_Routes": "allow_relay,firewallsafe,internalnet",
"QID": "u8P6D24m919880",
"Quarantine_Folder": "",
"Quarantine_Rule": "",
"Raw_Log": "",
"Recipients": "user@example.com",
"Rule_ID": "system",
"SID": "25nnq08028",
"SMIME_Recipients": "",
"SMIME_Recipients_Signed": "",
"Sender": "root@user.example.com",
"Sender_Host": "localhost",
"Sender_IP_Address": "127.0.0.1",
"SendmailRaw_Log": "",
"Sendmail_Action": "",
"Sendmail_Errorcode": "",
"Sendmail_Stat": "",
"Sendmail_To": "",
"Sendmail_To_Stat": "",
"Spam_Score": "",
"Subject": "Cron <pps@user> /opt/proofpoint/pps8.0.1.1446/admin/tools/dbutil.sh -optimize -db msgqueue",
"Suborg": "",
"TLS": "",
"Virus_Names": "",
"country": "**",
"current_folder": "",
"module_rules": [
"access.system"
]
}
]
}
}

Workflow Library Example

Smart Search with Proofpoint Protection Server and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop