Smart Search
Trace and query all messages.
Basic Parameters
| Parameter | Description |
|---|---|
| Recipient | The E-mail address of the recipient of the message. |
| Sender | The E-mail address of the sender of the message. |
| Subject | The subject of the message. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Attachments | A comma-separatedlist of the attachment of the message. |
| Count | The amount of messages returned in the call. |
| End Time | The ending time of the query window. |
| GUID | The GUID of the message. |
| Host | The host or IP address of the sent message. |
| Message Action | The final disposition action of the message. |
| Message ID | The header ID of the message(corresponds to the Message ID field in the UI). |
| Queue ID | The ID of the message queue. |
| SID | The SID of the message. |
| Start Time | The starting time of the query window. |
| Viruses | A comma-separatedlist of the viruses detected in the message. |
Example Output
{
"Proofpoint": {
"SmartSearch": [
{
"Agent": "example.com",
"Attachment_Names": "",
"Date": "2020-05-20 14:13:02 [UTC-0600]",
"Disposition_Action": "",
"Disposition_SmtpProfile": "",
"Duration": "0.124094999905240",
"FID": "8lLtu31xs8H24NF8McYw-S6EidtLK-y_",
"FQIN": "example.com-10000_instance1",
"Final_Action": "accept",
"Final_Rule": "access.system",
"GUID": "9rLtu31xs8H24NF8KcRw-S6EihtLK-y_",
"Message_Encrypted": "",
"Message_ID": "<551609250613.u8P6D1l3019878@user.example.com>",
"Message_Size": "1142",
"Message_Split": "",
"Module_ID": "access",
"PE_Recipients": "",
"Policy_Routes": "allow_relay,firewallsafe,internalnet",
"QID": "u8P6D24m919880",
"Quarantine_Folder": "",
"Quarantine_Rule": "",
"Raw_Log": "",
"Recipients": "user@example.com",
"Rule_ID": "system",
"SID": "25nnq08028",
"SMIME_Recipients": "",
"SMIME_Recipients_Signed": "",
"Sender": "root@user.example.com",
"Sender_Host": "localhost",
"Sender_IP_Address": "127.0.0.1",
"SendmailRaw_Log": "",
"Sendmail_Action": "",
"Sendmail_Errorcode": "",
"Sendmail_Stat": "",
"Sendmail_To": "",
"Sendmail_To_Stat": "",
"Spam_Score": "",
"Subject": "Cron <pps@user> /opt/proofpoint/pps8.0.1.1446/admin/tools/dbutil.sh -optimize -db msgqueue",
"Suborg": "",
"TLS": "",
"Virus_Names": "",
"country": "**",
"current_folder": "",
"module_rules": ["access.system"]
}
]
}
}
Workflow Library Example
Smart Search with Proofpoint Protection Server and Send Results Via Email
Preview this Workflow on desktop