New Delivered Message
Triggers a workflow on every delivered message containing a known threat.
info
Automations based on this trigger will search for new events every 10 minutes.
Sample Event
{
"GUID": "c26dbea0-80d5-463b-b93c-4e8b708219ce",
"QID": "r2FNwRHF004109",
"ccAddresses": [
"bruce.wayne@university-of-education.zz"
],
"clusterId": "pharmtech_hosted",
"completelyRewritten": "true",
"fromAddress": "badguy@evil.zz",
"headerCC": "\"Bruce Wayne\" <bruce.wayne@university-of-education.zz>",
"headerFrom": "\"A. Badguy\" <badguy@evil.zz>",
"headerReplyTo": null,
"headerTo": "\"Clark Kent\" <clark.kent@pharmtech.zz>; \"Diana Prince\" <diana.prince@pharmtech.zz>",
"impostorScore": 0,
"malwareScore": 100,
"messageID": "20160624211145.62086.mail@evil.zz",
"messageParts": [
{
"contentType": "text/plain",
"disposition": "inline",
"filename": "text.txt",
"md5": "008c5926ca861023c1d2a36653fd88e2",
"oContentType": "text/plain",
"sandboxStatus": "unsupported",
"sha256": "85738f8f9a7f1b04b5329c590ebcb9e425925c6d0984089c43a022de4f19c281"
},
{
"contentType": "application/pdf",
"disposition": "attached",
"filename": "Invoice for Pharmtech.pdf",
"md5": "5873c7d37608e0d49bcaa6f32b6c731f",
"oContentType": "application/pdf",
"sandboxStatus": "threat",
"sha256": "2fab740f143fc1aa4c1cd0146d334c5593b1428f6d062b2c406e5efe8abe95ca"
}
],
"messageTime": "2016-06-24T21:18:38.000Z",
"modulesRun": [
"pdr",
"sandbox",
"spam",
"urldefense"
],
"phishScore": 46,
"policyRoutes": [
"default_inbound",
"executives"
],
"quarantineFolder": "Attachment Defense",
"quarantineRule": "module.sandbox.threat",
"recipient": [
"clark.kent@pharmtech.zz",
"diana.prince@pharmtech.zz"
],
"replyToAddress": null,
"sender": "e99d7ed5580193f36a51f597bc2c0210@evil.zz",
"senderIP": "192.0.2.255",
"spamScore": 4,
"subject": "Please find a totally safe invoice attached.",
"threatsInfoMap": [
{
"campaignId": "46e01b8a-c899-404d-bcd9-189bb393d1a7",
"classification": "MALWARE",
"threat": "2fab740f143fc1aa4c1cd0146d334c5593b1428f6d062b2c406e5efe8abe95ca",
"threatId": "2fab740f143fc1aa4c1cd0146d334c5593b1428f6d062b2c406e5efe8abe95ca",
"threatStatus": "active",
"threatTime": "2016-06-24T21:18:38.000Z",
"threatType": "ATTACHMENT",
"threatUrl": "https://threatinsight.proofpoint.com/#/73aa0499-dfc8-75eb-1de8-a471b24a2e75/threat/u/2fab740f143fc1aa4c1cd0146d334c5593b1428f6d062b2c406e5efe8abe95ca"
},
{
"campaignId": "46e01b8a-c899-404d-bcd9-189bb393d1a7",
"classification": "MALWARE",
"threat": "badsite.zz",
"threatId": "3ba97fc852c66a7ba761450edfdfb9f4ffab74715b591294f78b5e37a76481aa",
"threatTime": "2016-06-24T21:18:07.000Z",
"threatType": "URL",
"threatUrl": "https://threatinsight.proofpoint.com/#/73aa0499-dfc8-75eb-1de8-a471b24a2e75/threat/u/3ba97fc852c66a7ba761450edfdfb9f4ffab74715b591294f78b5e37a76481aa"
}
],
"toAddresses": [
"clark.kent@pharmtech.zz",
"diana.prince@pharmtech.zz"
]
}