Return Total Emails Found in Exchange workflow

The Security Incident Response Return Total Emails Found in Exchange workflow returns the total number of threat emails found on the Exchange Server.

About this task

This workflow is triggered by the Query Exchange button on the Exchange Search form in the Security Incident when the Query result is set to Return count.
Query Exchange Button
Workflow process activities include:
  • Runs a script to fetch a search query from all associated active search criteria records to run on the Exchange Server using the Search/Delete Threat Email in Exchange activity.
  • Creates an Exchange Search Results record as follows:
    Field Value
    Action Search
    Result type Count
    Email count Integer (Total number of emails found)
    Search Query Query text string run on the Exchange Server
    Email date received N/A
    Email read status N/A
    Recipient N/A
    Search date Timestamp for when the workflow ran
  • Exchange search query results example
  • Log Message:
    Note: Any PowerShell script errors are recorded in the system logs.
Return Total Emails Found in Exchange workflow diagram