The E-mail section is designed for monitoring email traffic, spam distribution, violations of corporate email usage policies, and phishing attempts.
- Number of unique delivered / quarantined / blocked messages
- Statistics on message delivery statuses
- Trends in message delivery statuses
- Trends in message volume
- Top senders / recipients by volume / number of messages
- Event statistics with details by senders
- Event statistics with details by recipients
- Email: Overview
- Email: Sender Profile
- Email: Recipient Profile
The section uses the following fields from data sources. Alias used: sm_cs_email_indexes.
Field Name | Value |
---|---|
event.kind | event |
event.category | email |
event.type | allowed \| denied \| info |
event.action | From the original event. |

Field Name | Value |
---|---|
email.from.address | Sender's email address. |
email.to.address | Recipient's email address. |
email.subject | Message subject. |
email.direction | inbound \| outbound \| unknown |
email.message_id | Email message identifier. |

Field Name | Value |
---|---|
mail_action | delivered \| quarantined \| rejected \| unknown |

Field Name | Value |
---|---|
event.original | Original event text. |

Field Name | Value |
---|---|
msg_size | Message size. |
The section uses the following reference tables.
Name | Fields | Description |
---|---|---|
sm_cs_email_group_lookup | email.address, email_group.name | Reference table for email address groups. |
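
An added example, not part of the product documentation: a Python check that normalized events carry the values listed in the field tables above, followed by the per-status and per-sender aggregation that the section's metrics describe. Flat dictionaries with dotted keys, a numeric `msg_size`, uniqueness by `email.message_id`, and all sample values are assumptions.

```python
from collections import Counter, defaultdict

# Allowed values copied from the field tables above.
ALLOWED = {
    "event.kind": {"event"},
    "event.category": {"email"},
    "event.type": {"allowed", "denied", "info"},
    "email.direction": {"inbound", "outbound", "unknown"},
    "mail_action": {"delivered", "quarantined", "rejected", "unknown"},
}
REQUIRED = ("email.from.address", "email.to.address", "email.message_id")

def validate(event):
    """Return the ways an event departs from the documented field values."""
    problems = [f"{k}={event.get(k)!r} not in {sorted(v)}"
                for k, v in ALLOWED.items() if event.get(k) not in v]
    problems += [f"{k} is missing" for k in REQUIRED if not event.get(k)]
    if not isinstance(event.get("msg_size"), (int, float)):
        problems.append("msg_size is not numeric")
    return problems

def summarize(events):
    """Unique messages per mail_action, plus event count and size per sender."""
    unique, count, volume, invalid = defaultdict(set), Counter(), Counter(), []
    for ev in events:
        if validate(ev):
            invalid.append(ev)  # keep for review instead of dropping silently
            continue
        # Assumption: a message is unique by email.message_id.
        unique[ev["mail_action"]].add(ev["email.message_id"])
        sender = ev["email.from.address"]
        count[sender] += 1
        volume[sender] += ev["msg_size"]
    return {a: len(ids) for a, ids in unique.items()}, count, volume, invalid

# Constructed sample events; addresses, ids and sizes are made up.
BASE = {"event.kind": "event", "event.category": "email", "event.type": "allowed",
        "email.direction": "inbound", "email.to.address": "bob@corp.example",
        "mail_action": "delivered"}
SAMPLE = [
    {**BASE, "email.from.address": "a@ext.example", "email.message_id": "<1@ext>", "msg_size": 1200},
    {**BASE, "email.from.address": "a@ext.example", "email.message_id": "<1@ext>", "msg_size": 1200},
    {**BASE, "email.from.address": "b@ext.example", "email.message_id": "<2@ext>", "msg_size": 90000,
     "event.type": "denied", "mail_action": "quarantined"},
    {**BASE, "email.from.address": "c@ext.example", "email.message_id": "<3@ext>", "msg_size": 1000,
     "mail_action": "blocked"},  # value outside the mail_action table
]
```

The last sample event is returned in the invalid list because `blocked` is not one of the documented `mail_action` values; a source that emits it needs mapping to `rejected` or another listed value during normalization.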