Return Email Details from Exchange workflow

The Return Email Details from Exchange workflow returns details from the threat emails found on the Exchange Server.

About this task

This workflow is triggered by the Query Exchange button on the Exchange Search form in the security incident when the Query result is set to Return details.
[Figure: Exchange search query example]
Workflow process activities include:
  • Runs a script that fetches a search query from all associated active search criteria records. The query is then run on the Exchange Server using the Get Email Details from Exchange Server activity.
  • Creates an Exchange Search Results record as follows:
    Field                Value
    Action               Search
    Result type          Details
    Email count          N/A
    Search Query         Query text string run on the Exchange Server
    Email date received  Timestamp for when the email arrived
    Email read status    Read/Not Read
    Recipient            Full email address
    Search date          Timestamp for when the workflow ran
    Message ID           Email message ID from the Exchange Server (not displayed)
    [Figure: Exchange search query results example]
  • Log Message:
    Note: Any PowerShell script errors are recorded in the system logs.
[Figure: Return Email Details from Exchange workflow diagram]