EmailPostDeliveryEvents

  • Artigo

Office 365 security events occurred post email delivery to recipient mailbox.

Table attributes

Attribute Value
Resource types -
Categories Security
Solutions SecurityInsights
Basic log No
Ingestion-time transformation Yes
Sample Queries Yes

Columns

Column Type Description
Action string Action taken on the entity
ActionResult string Result of the action
ActionTrigger string Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or String Delivery
ActionType string Type of activity that triggered the event
_BilledSize real The record size in bytes
DeliveryLocation string Delivered email location: Inbox/Folder, On-premises/External, Junk, Quarantine, Failed, Dropped, Deleted items
DetectionMethods string Methods used to detect malware, phishing, or other threats found in the email
InternetMessageId string Public-facing identifier for the email that is set by the sending email system
_IsBillable string Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account
NetworkMessageId string Email unique identifier generated by Office 365
RecipientEmailAddress string Recipient email address or email address of the recipient after distribution list expansion
ReportId string Unique identifier for the event
SourceSystem string The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics
TenantId string The Log Analytics workspace ID
ThreatTypes string Verdict from the email filtering stack on whether the email contains malware, phishing, or other threats
TimeGenerated datetime Date and time (UTC) when the record was generated
Type string The name of the table