Skip to main content
Returns a list of quarantine documents given a query filter. The data is sorted in descending order (newest first). This provides the same functionality as the ‘Quarantine’ tab of the Email Security - Cloud Admin Console.

Basic Parameters

ParameterDescription
DomainsDomain names, an array of strings(“domain1”, “domain2”).
FromEmail address of sender.
ReasonReason the email was quarantined.
RecipientsEmail address of recipients, an array of strings(“recipient1”, “recipient2”).
SizeNumber of records returned. Size can be from 1-200 (default is 20).

Advanced Parameters

ParameterDescription
Email ServerEmail server address of recipients.
Email SubjectThe subject of the email.
From DateStart time in timestamp format.
Sender DomainSender domain address.
SourceList of sources.
TagsTags associated with email.
To DateEnd time in timestamp format.

Example Output

{ 
  "data": [ ... 
  {
    "domain": "test900.etp-testdomain5.com",
    "attachments": [],
    "cc": [""],
    "sender_domain": "deny.robot.com", 
    "is_marked_deleted": 0, 
    "country_code": "XX", 
    "message": "", 
    "subject": "TestEmail", 
    "verdict_as": "FAIL", 
    "from": "robot11@deny.robot.com", 
    "verdict_av": "PASS", 
    "verdict_pv":"PASS",
    "domain_id": 1120750,
    "to": [ "usera@test900.etp-testdomain5.com" ],
    "timestamp_quarantine":"2018-12-28T00:00:00.000",
    "message_id": "86334999702C232C5be1a5c96",
    "recipients": [ "usera@test900.etptestdomain5.com" ],
    "is_read": 0,
    "released": [{ "email_id": "usera@test900.etp-testdomain5.com", "is_released": 0, "key": "fc074e718240487d94276fbb9eb65252" }], 
    "timestamp_sent": "2018-12-28T00:00:00.000",
    "is_under_release": 0, "tags": ["impersonation"],
    "source": "active", 
    "sender_ip": "10.128.22.230",
    "client_tag": "QA_CLIENT_2" 
  }, ], 
  "meta": {
    "size": 20,
    "total": 81, 
    "timestamp_quarantine":"2018-12-28T00:00:00.000", 
    "copyright": "Copyright 2019 Fireeye Inc", 
  } 
}

Workflow Library Example

Query Quarantined Email with Trellix Email Security and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I