Email report attributes
Below is a list of available report attributes.
Name | Description | Filter values |
---|---|---|
Direction | The direction of the message: inbound or outbound. | Check boxes |
Envelope Sender | Used by mail servers to check where the message originates and where to respond (for example, if there is an error or the message bounces). Often matches the From: address, but not always. For example, the message might come from a mailing list, or from an organization authenticated to send messages on your company’s behalf. | Manual text |
From: Address | The address the message recipient sees in the From: field of the message. | Manual text |
Policy | The email policy used for filtering. | Autocompleted text |
Recipient Address | The email address of a message recipient. | Manual text |
Recipient Domain | The domain associated with a message recipient. | Manual text |
Sender Domain | The domain associated with a message sender. | Manual text |
Sender Name | The name of a message sender. | Manual text |
Subject | The text in the subject line of a message. There are also options to filter by results with no subject, and to perform a case- sensitive search. | Manual text |
Action | The action applied to the message. Options are Accepted, Bounced, Bypassed processing, Discarded, Quarantined, Temporarily bounced. | Check boxes |
Blocklist/Allowlist | Groups and filters messages by whether they are in blocklist, allowlist, or neither. | Check boxes |
Blocked Attachment Ext | Groups and filters messages by the extension of their blocked attachments (for example, EXE). There is also an option to include results with no blocked attachment extension. | Manual text |
Filtering Reason |
The result of filtering the message.
|
Check boxes |
Lexical Rule | The lexical rule applied to a message. There is also an option to include results with no lexical rules applied. | Manual text |
Sender IP | The IP address of a message sender. There is also an option to include results with no sender IP address. | Manual text |
Sender IP Country | The country from which the sender IP address originates. | Autocompleted text |
Attachment File Type | A description of the type of file attached to a message - for example Microsoft Excel or Portable Network Graphic (PNG). | Autocompleted text |
Attachment Filename | The name of a specific file attached to a message. | Manual text |
Attachment MIME Type | MIME type of a message attachment in the format content type/content subtype. For example, video/mpeg or text/csv. | Manual text |
Content Type | The type of content detected within the message. Options are Archive, Audio, Encrypted, Executable, HTML, Image, None, Office Document, Signed, Video. | Check boxes |
Emb. Domain | The domain of an embedded URL within a message. | Manual text |
Emb. Full URL | The full URL embedded within a message. | Manual text |
Emb. Host | The host name embedded within a message. | Manual text |
Emb. URL Category |
The category of a URL embedded within a message. | Autocompleted text |
Emb. URL Risk Class | The risk class associated with a URL embedded within a message. | Check boxes |
Emb. URL Severity | The severity level associated with a URL embedded within a message. | Check boxes |
Advanced Encryption | The type of advanced encryption applied to the message. Options are Decrypted Inbound, Encrypted Outbound, or None. This attribute requires the Forcepoint Email Security Encryption Module. | Check boxes |
File Sandbox Status |
The result of analysis of files attached to messages that were sent to the File Sandbox. Status can be:
The report includes date/time, sender, recipient address, Subject, and status. This attribute requires the Forcepoint Advanced Malware Detection for Email module. Note: A secondary grouping is not allowed when File Sandbox Status is the primary grouping.
|
Check boxes |
Message Sandboxing | The type of sandboxing applied to the message. Options are Attachment Wrapped, None, Phishing URL Sandboxed, URL Sandboxed. This attribute requires the Advanced Malware Detection for Email module. | Check boxes |
Virus Name | The name of a virus detected in a message. There is also an option to include results with no virus name associated with them. | Manual text |
Date | Enables you to group report entries by date. Note that this attribute is not available for filtering as the Date Range field performs this function. | N/A |
Day of Week | Enables you to group and filter report entries by days of the week. | Check boxes |
Hour | Enables you to group and filter report entries by hour. | 24 hour selection |
Month | Enables you to group and filter report entries by month. | Check boxes |