
mail.egress

Introduction

The tags beginning with mail.egress identify events generated by Egress Secure Mail.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as mail.egress. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Egress Secure Mail | mail.egress.defend.phising_events | mail.egress.defend.phising_events |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

mail.egress.defend.phising_events

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| event | str | | | |
| time | timestamp | | | |
| emailTo_domain_str | str | join(emailTo_domain, ',') | emailTo_domain | |
| emailTo_localPart_str | str | join(emailTo_localPart, ',') | emailTo_localPart | |
| emailTo_displayName_str | str | join(emailTo_displayName, ',') | emailTo_displayName | |
| emailFrom_domain_str | str | | emailFrom_domain | |
| emailFrom_localPart_str | str | | emailFrom_localPart | |
| emailFrom_displayName_str | str | | emailFrom_displayName | |
| rcptTo_str | str | | rcptTo | |
| mailFrom | str | | | |
| threat | str | | | |
| subject | str | | | |
| receivedAt | timestamp | | | |
| fromAddressDomainCreatedDate | str | | | |
| linksClicked | int4 | | | |
| trust | str | | | |
| auth_rawAuth | str | | | |
| auth_spf | str | | | |
| auth_dkim | str | | | |
| auth_dmarc | str | | | |
| primaryDomain | str | | | |
| messageId | str | | | |
| firstTimeSender | bool | | | |
| links_domain_str | str | | links_domain | |
| links_occurrences_str | str | | links_occurrences | |
| links_clicks_str | str | | links_clicks | |
| links_inAttachment_str | str | | links_inAttachment | |
| attachments_name_str | str | | attachments_name | |
| attachments_size_str | str | | attachments_size | |
| senderIp | ip4 | | | |
| msScl | int4 | | | |
| replyTo | str | | | |
| phishType | str | | | |
| payloadType | str | | | |
| emailSummaryLink | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |