Search/Delete Threat Email in Exchange activity The Search/Delete Threat Email in Exchange activity performs a search for emails in the designated Exchange server(s) using the search queries defined, and returns the details. Input variables Input variables determine the initial behavior of the activity. Variable Description target Mandatory target host identifier field where the Exchange Server is located and the powershell script will be executed. search_query Mandatory search query used to find emails in the Exchange Server across all mailboxes. operation Operation to be executed on the Exchange server. Possible values are: search delete delete_from_recovery Choose to delete emails from the recovery folder on the Exchange server. Possible values are: true false Output variables The output variables contain data that can be used in subsequent activities. Table 1. Output variables Variable Description emailCount The total number of emails found during the search/delete operations for the given search query. Exit Conditions Possible exit conditions for this activity are: Table 2. Exit Conditions Variable Description No emails found When the email count is zero, no emails were found for the given search query. Threat emails found When the email count is greater than zero, and email details were returned for the given search query. Error executing at exchange When an error occurred while executing the powershell script in the Exchange Server.