Search/Delete Threat Email in Exchange activity

The Search/Delete Threat Email in Exchange activity searches the designated Exchange server(s) for emails that match the defined search query and returns the details.

Input variables

Input variables determine the initial behavior of the activity.

Variable Description
target Mandatory. Identifier of the target host where the Exchange server is located and where the PowerShell script will be executed.
search_query Mandatory. Search query used to find emails across all mailboxes on the Exchange server.
operation Operation to be executed on the Exchange server. Possible values are:
  • search
  • delete
delete_from_recovery Whether to delete emails from the recovery folder on the Exchange server. Possible values are:
  • true
  • false

Output variables

The output variables contain data that can be used in subsequent activities.

Table 1. Output variables
Variable Description
emailCount The total number of emails found during the search/delete operations for the given search query.

Exit Conditions

Possible exit conditions for this activity are:

Table 2. Exit Conditions
Condition Description
No emails found The email count is zero: no emails were found for the given search query.
Threat emails found The email count is greater than zero, and email details were returned for the given search query.
Error executing at exchange An error occurred while executing the PowerShell script on the Exchange server.
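
The following added example is not the script shipped with the activity. It sketches how the inputs, the emailCount output and the three exit conditions fit together, assuming an on-premises Exchange Management Shell session on the target host and the Search-Mailbox cmdlet. The function name, the mapping of delete_from_recovery to -SearchDumpster and the sample query are assumptions.

```powershell
# Added illustration, not the activity's own script.
# Assumes an Exchange Management Shell session and an account holding the
# Mailbox Search and Mailbox Import Export roles.
function Invoke-ThreatEmailOperation {   # hypothetical name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()][string]$SearchQuery,
        [ValidateSet('search', 'delete')][string]$Operation = 'search',
        [bool]$DeleteFromRecovery = $false
    )
    try {
        $mailboxes = Get-Mailbox -ResultSize Unlimited -ErrorAction Stop

        # Estimate first, even for delete, so the count is known before
        # anything is removed.
        $estimate = $mailboxes |
            Search-Mailbox -SearchQuery $SearchQuery -EstimateResultOnly `
                -SearchDumpster:$DeleteFromRecovery -ErrorAction Stop
        [int]$emailCount = ($estimate |
            Measure-Object -Property ResultItemsCount -Sum).Sum

        if ($Operation -eq 'delete' -and $emailCount -gt 0) {
            # Assumption: delete_from_recovery controls whether the
            # Recoverable Items folder is included in the deletion.
            $mailboxes |
                Search-Mailbox -SearchQuery $SearchQuery -DeleteContent -Force `
                    -SearchDumpster:$DeleteFromRecovery -Confirm:$false `
                    -ErrorAction Stop | Out-Null
        }

        $exit = if ($emailCount -gt 0) { 'Threat emails found' }
                else                   { 'No emails found' }
        [pscustomobject]@{ emailCount = $emailCount; exitCondition = $exit }
    }
    catch {
        # Any cmdlet failure maps to the activity's error exit condition.
        [pscustomobject]@{
            emailCount    = 0
            exitCondition = 'Error executing at exchange'
            error         = $_.Exception.Message
        }
    }
}

# Constructed sample query (KQL): run as a search before any delete.
Invoke-ThreatEmailOperation -Operation search `
    -SearchQuery 'subject:"Invoice overdue" AND from:billing@example.test'
```

Because search_query is applied across all mailboxes, reviewing the emailCount from a search run before repeating the same query with operation set to delete shows how many messages the deletion would affect.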