Trace Email
This API retrieves email trace information as per the attributes and traffic type that are accessible in the Email Security — Cloud portal.
Parameters
| Parameter | Description |
|---|---|
| Query | The query of the email trace call. For more information go to Trellix Email Protection documentation. |
Example Output
{
"data": [ {
"attributes": {
"acceptedDateTime": "2019-08-07T10:54:54.000",
"countryCode": "us",
"domain": "etp-testdomain5.com",
"downStreamMsgID": "250 2.0.0 Ok: queued as ACBA05B3C",
"emailSize": 0.52,
"lastModifiedDateTime": "2017-07-11T04:51:26.365000",
"originalMessageID": "\u003c20190807162453.092921@JDEORE-MBP\u003e",
"recipientHeader": [ "userb@etp-testdomain5.com" ],
"recipientSMTP": [ "userb@etp-testdomain5.com" ],
"tags": [ "impersonation" ],
"senderHeader": "",
"senderSMTP": "test@etp.com",
"senderIP": "10.128.1.1",
"status": "accepted",
"subject": "test message",
"verdicts": {
"AS": "pass",
"AV": "pass",
"AT": "pass",
"PV": "pass",
"YARA": "pass",
"ActionYARA": "nomatch"
},
"riskwareRules": [ "65001" ],
"yaraRulesAction": "no match"
},
"included": [ {
"type": "domain",
"attributes": {
"name": "etp-testdomain5.com"
}
} ],
"hasRetroactiveAlert": true,
"integrationType": "SMTP",
"id": "6D1004243EFDAA4D55b90d4f3",
"type": "trace"
} ],
"meta": {
"total": 193299,
"size": 20,
"copyright": "Copyright 2019 Fireeye Inc",
"fromLastModifiedOn": { "
start": "2019-07-31T08:12:32.030Z",
"end": "2017-07-11T04:51:27.365000Z"
},
"warnings": [ "Fields verdicts.YARA and verdicts.ActionYARA in API response are deprecated and will be removed. Please refer to API documentation for more details.", "Parameter
yaraVerdict in API request is deprecated and will be removed. Parameter yaraRulesAction can be used to filter
Yara matches to get same results. Please refer to API documentation for more details." ]
}
}
Workflow Library Example
Trace Email with Trellix Email Security and Send Results Via Email
Preview this Workflow on desktop