Query Quarantined Email
Returns a list of quarantine documents given a query filter. The data is sorted in descending order (newest first). This provides the same functionality as the 'Quarantine' tab of the Email Security - Cloud Admin Console.
Basic Parameters
| Parameter | Description |
|---|---|
| Domains | Domain names, an array of strings("domain1", "domain2"). |
| From | Email address of sender. |
| Reason | Reason the email was quarantined. |
| Recipients | Email address of recipients, an array of strings("recipient1", "recipient2"). |
| Size | Number of records returned. Size can be from 1-200 (default is 20). |
Advanced Parameters
| Parameter | Description |
|---|---|
| Email Server | Email server address of recipients. |
| Email Subject | The subject of the email. |
| From Date | Start time in timestamp format. |
| Sender Domain | Sender domain address. |
| Source | List of sources. |
| Tags | Tags associated with email. |
| To Date | End time in timestamp format. |
Example Output
{
"data": [ ...
{
"domain": "test900.etp-testdomain5.com",
"attachments": [],
"cc": [""],
"sender_domain": "deny.robot.com",
"is_marked_deleted": 0,
"country_code": "XX",
"message": "",
"subject": "TestEmail",
"verdict_as": "FAIL",
"from": "robot11@deny.robot.com",
"verdict_av": "PASS",
"verdict_pv":"PASS",
"domain_id": 1120750,
"to": [ "usera@test900.etp-testdomain5.com" ],
"timestamp_quarantine":"2018-12-28T00:00:00.000",
"message_id": "86334999702C232C5be1a5c96",
"recipients": [ "usera@test900.etptestdomain5.com" ],
"is_read": 0,
"released": [{ "email_id": "usera@test900.etp-testdomain5.com", "is_released": 0, "key": "fc074e718240487d94276fbb9eb65252" }],
"timestamp_sent": "2018-12-28T00:00:00.000",
"is_under_release": 0, "tags": ["impersonation"],
"source": "active",
"sender_ip": "10.128.22.230",
"client_tag": "QA_CLIENT_2"
}, ],
"meta": {
"size": 20,
"total": 81,
"timestamp_quarantine":"2018-12-28T00:00:00.000",
"copyright": "Copyright 2019 Fireeye Inc",
}
}
Workflow Library Example
Query Quarantined Email with Trellix Email Security and Send Results Via Email
Preview this Workflow on desktop