Search/Delete Threat Email in Exchange activity

The Search/Delete Threat Email in Exchange activity scans all mailboxes in an Exchange Server to search or delete threat emails using a search query. This activity retrieves the total number of emails found.

The Select/Delete Threat Email in Exchange activity can be used with any workflow to search for and delete email on an Exchange Server.

Input variables

Table 1. Input variables
Variable Description
target [string] Mandatory target host identifier field where the Exchange Server is located.
search_query [string] Mandatory search query used to find emails in the Exchange Server across all mailboxes.
operation [string] Mandatory operation executed in the Exchange Server.
Possible values are:
  • search
  • delete
delete_from_recovery [string] Boolean field that determines whether to delete emails from the recover folder on Exchange Server or not.
Possible values are:
  • true = delete email from recovery folder
  • false = do not delete email from recovery folder

Execution Command

Table 2. Execution Command
Script Description
SearchExchangeForEmails.ps1 MID Server Script file.

A script with PowerShell commands that executes on the Exchange Server.

Output variables

The output variables contain data that can be used in subsequent activities.

Table 3. Output variables
Variable Description
emailCount [string] Total number of emails found during the search/deletion operations for the given search query.

Exit Conditions

Possible exit conditions for this activity are:

Table 4. Exit Conditions
Variable Description
No threat emails found When the email count is zero, no emails were found for the given search query.
Threat emails found When the email count is greater than zero, emails were found for the given search query.
Error executing at exchange When an error occurred while executing search/delete of emails in the Exchange Server.