Microsoft Graph · Schema
microsoft.graph.security.analyzedMessageEvidence
Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/microsoft.graph.security.analyzedMessageEvidence",
"title": "microsoft.graph.security.analyzedMessageEvidence",
"allOf": [
{
"$ref": "#/components/schemas/microsoft.graph.security.alertEvidence"
},
{
"title": "analyzedMessageEvidence",
"required": [
"@odata.type"
],
"type": "object",
"properties": {
"antiSpamDirection": {
"type": "string",
"description": "Direction of the email relative to your network. The possible values are: inbound, outbound or intraorg.",
"nullable": true
},
"attachmentsCount": {
"type": "number",
"description": "Number of attachments in the email.",
"format": "int64",
"nullable": true
},
"deliveryAction": {
"type": "string",
"description": "Delivery action of the email. The possible values are: delivered, deliveredAsSpam, junked, blocked, or replaced.",
"nullable": true
},
"deliveryLocation": {
"type": "string",
"description": "Location where the email was delivered. The possible values are: inbox, external, junkFolder, quarantine, failed, dropped, deletedFolder or forwarded.",
"nullable": true
},
"internetMessageId": {
"type": "string",
"description": "Public-facing identifier for the email that is set by the sending email system.",
"nullable": true
},
"language": {
"type": "string",
"description": "Detected language of the email content.",
"nullable": true
},
"networkMessageId": {
"type": "string",
"description": "Unique identifier for the email, generated by Microsoft 365.",
"nullable": true
},
"p1Sender": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.security.emailSender"
},
{
"type": "object",
"nullable": true
}
],
"description": "The P1 sender."
},
"p2Sender": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.security.emailSender"
},
{
"type": "object",
"nullable": true
}
],
"description": "The P2 sender."
},
"receivedDateTime": {
"pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
"type": "string",
"description": "Date and time when the email was received.",
"format": "date-time",
"nullable": true
},
"recipientEmailAddress": {
"type": "string",
"description": "Email address of the recipient, or email address of the recipient after distribution list expansion.",
"nullable": true
},
"senderIp": {
"type": "string",
"description": "IP address of the last detected mail server that relayed the message.",
"nullable": true
},
"subject": {
"type": "string",
"description": "Subject of the email.",
"nullable": true
},
"threatDetectionMethods": {
"type": "array",
"items": {
"type": "string",
"nullable": true
},
"description": "Collection of methods used to detect malware, phishing, or other threats found in the email."
},
"threats": {
"type": "array",
"items": {
"type": "string",
"nullable": true
},
"description": "Collection of detection names for malware or other threats found."
},
"urlCount": {
"type": "number",
"description": "Number of embedded URLs in the email.",
"format": "int64",
"nullable": true
},
"urls": {
"type": "array",
"items": {
"type": "string",
"nullable": true
},
"description": "Collection of the URLs contained in this email."
},
"urn": {
"type": "string",
"description": "Uniform resource name (URN) of the automated investigation where the cluster was identified.",
"nullable": true
},
"@odata.type": {
"type": "string",
"default": "#microsoft.graph.security.analyzedMessageEvidence"
}
}
}
],
"x-ms-discriminator-value": "#microsoft.graph.security.analyzedMessageEvidence"
}