Retrieve alert metadata by ID.
External Documentation
To learn more, visit the Proofpoint Threat Response Auto Pull documentation.
Parameter | Description |
---|---|
Alert ID | The ID value of the alert to retrieve. |
{
"id": 3,
"severity": "Info",
"source": "Abuse Mailbox Monitor",
"state": "Linked",
"attackDirection": "inbound",
"received": "2019-02-25T17:22:48Z",
"emails": [
{
"sender": {
"email": "analyzer@analyzer.featbot.io"
},
"recipient": {
"email": "x-abuse@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">DELETED</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef",
"X-PhishAlarm-Clear-Id": "876724f6-2b0c-4c4b-8d85-3813298527a1",
"X-PhishAlarm-Clear-Timeout": 45,
"X-PhishAlarm-Format": "PhishAlarm for Gmail; MethodOfDetermination=\"Guessing\"",
"X-PhishAlarm-Overcast-Trace-Token": "ZG-AEQ=ZHMACg=R9pKjo-6JX_EdjS2h7Mo",
"X-PhishAlarm-Reporter": "test-user-1@clear-gmail-testing.page",
"X-PhishAlarm-SES-key": "725d98a1-2d08-4350-97af-d22a6e57d152"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"abuseCopy": true
},
{
"sender": {
"email": "badguy@whatever.com"
},
"recipient": {
"email": "employee@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">removed</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"mimeContent": "removed",
"abuseCopy": false
}
]
}
Get Alert Details with Proofpoint Threat Response Auto Pull and Send Results Via Email
Retrieve alert metadata by ID.
External Documentation
To learn more, visit the Proofpoint Threat Response Auto Pull documentation.
Parameter | Description |
---|---|
Alert ID | The ID value of the alert to retrieve. |
{
"id": 3,
"severity": "Info",
"source": "Abuse Mailbox Monitor",
"state": "Linked",
"attackDirection": "inbound",
"received": "2019-02-25T17:22:48Z",
"emails": [
{
"sender": {
"email": "analyzer@analyzer.featbot.io"
},
"recipient": {
"email": "x-abuse@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">DELETED</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef",
"X-PhishAlarm-Clear-Id": "876724f6-2b0c-4c4b-8d85-3813298527a1",
"X-PhishAlarm-Clear-Timeout": 45,
"X-PhishAlarm-Format": "PhishAlarm for Gmail; MethodOfDetermination=\"Guessing\"",
"X-PhishAlarm-Overcast-Trace-Token": "ZG-AEQ=ZHMACg=R9pKjo-6JX_EdjS2h7Mo",
"X-PhishAlarm-Reporter": "test-user-1@clear-gmail-testing.page",
"X-PhishAlarm-SES-key": "725d98a1-2d08-4350-97af-d22a6e57d152"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"abuseCopy": true
},
{
"sender": {
"email": "badguy@whatever.com"
},
"recipient": {
"email": "employee@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">removed</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"mimeContent": "removed",
"abuseCopy": false
}
]
}
Get Alert Details with Proofpoint Threat Response Auto Pull and Send Results Via Email