Search/Delete Threat Email in Exchange activity The Search/Delete Threat Email in Exchange activity scans all mailboxes in an Exchange Server to search or delete threat emails using a search query. This activity retrieves the total number of emails found. The Select/Delete Threat Email in Exchange activity can be used with any workflow to search for and delete email on an Exchange Server. Input variables Table 1. Input variables Variable Description target [string] Mandatory target host identifier field where the Exchange Server is located. search_query [string] Mandatory search query used to find emails in the Exchange Server across all mailboxes. operation [string] Mandatory operation executed in the Exchange Server. Possible values are: search delete delete_from_recovery [string] Boolean field that determines whether to delete emails from the recover folder on Exchange Server or not. Possible values are: true = delete email from recovery folder false = do not delete email from recovery folder Execution Command Table 2. Execution Command Script Description SearchExchangeForEmails.ps1 MID Server Script file.A script with PowerShell commands that executes on the Exchange Server. Output variables The output variables contain data that can be used in subsequent activities. Table 3. Output variables Variable Description emailCount [string] Total number of emails found during the search/deletion operations for the given search query. Exit Conditions Possible exit conditions for this activity are: Table 4. Exit Conditions Variable Description No threat emails found When the email count is zero, no emails were found for the given search query. Threat emails found When the email count is greater than zero, emails were found for the given search query. Error executing at exchange When an error occurred while executing search/delete of emails in the Exchange Server.