Downloads quarantined emails in Exchange Online.

HTTPS Request

POST https://<serviceURL>/v1/siem/quarantine_mails

Request Body

The request must contain a request body.
The following parameters are supported in the request body.
Required Parameter

| Parameter | Data Type | Description |
|---|---|---|
| quarantine_events | JSON array | Details of the quarantined email to download. Only one quarantined email can be downloaded in one request. Note: You can use the "Get Quarantine Events" API to transparently pass this parameter to the current API. |
| quarantine_events/service | String | Name of the requested service |
| quarantine_events/message | JSON array | Details of one quarantine event |
| quarantine_events/message/affected_user | String | Mailbox that received an email message triggering the quarantine event, or user account that uploaded or modified a file triggering the quarantine event |
| quarantine_events/message/mailbox | String | Email address of an email message |
| quarantine_events/message/mail_unique_id | String | Unique ID of an email message |
| quarantine_events/message/mail_log_id | String | ID that uniquely identifies a quarantine event |
| quarantine_events/message/mail_message_id | String | ID of the email message that triggered the quarantine event |
| quarantine_events/message/mail_blob_path | String | Path of the blob for storing the email. Note: This field is available only for Exchange Online (Inline Mode). |
| quarantine_events/message/mail_backup_blob_path | String | Path of the backup blob for storing the email. Note: This field is available only for Exchange Online (Inline Mode). |
| quarantine_events/message/mail_message_direction | String | Mail direction, indicating whether the email is an inbound or outbound message. Note: This field is available only for Exchange Online (Inline Mode). |

Optional Parameter

| Parameter | Data Type | Description |
|---|---|---|
| download_options | JSON object | Options you want to specify for the download. |
| download_options/compression_password | String | Password for decompressing the ZIP file downloaded. If you leave the parameter empty, no password is required. |

Request Example

The content following "Authorization" is the request body.
POST https://api.tmcas.trendmicro.com/v1/siem/quarantine_mails
Content-Type: application/json
Authorization: Bearer 4d2w151db50e0dh7006dcasac47b47cef24akbcc7
{
    "download_options": {
        "compression_password": "123"
    },
    "quarantine_events": [
        {
            "service": "Exchange Online",
            "message": {
                "affected_user": "username@example.com",
                "mailbox": "username@example.com",
                "mail_unique_id": "AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0AVPtSMPxqMkGV88L4JZR0rwACEYTIZgAA",
                "mail_log_id": "5affe416-c4d6-11ee-8159-000d3a31c0d0",
                "mail_message_id": "<TYSLK03MB811295533033CWF6B78067F48F462@skzafjdshlmjdls.fdsafda.prod.outlook.com>"
            }
        }
    ]
}

Response

The response returns the requested email in a ZIP file.
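
The request described above, built by a small client for an analyst workflow. This is an added example, not code from the vendor's documentation. The function names, the `service_url` and `token` arguments, the choice to generate a random per-download ZIP password, and forwarding the Inline Mode fields only when they are present are all assumptions of this sketch.

```python
import json
import secrets
import urllib.request
from urllib.parse import urlsplit

# Field names are the ones in the parameter table on this page.
CORE_FIELDS = ("affected_user", "mailbox", "mail_unique_id",
               "mail_log_id", "mail_message_id")
# Inline Mode only; forwarding them only when present is an assumption.
INLINE_FIELDS = ("mail_blob_path", "mail_backup_blob_path",
                 "mail_message_direction")


def build_download_request(service_url, token, event, password=None):
    """Build the POST for exactly one event; return (request, password)."""
    if urlsplit(service_url).scheme != "https":
        raise ValueError("refusing to send the bearer token over non-HTTPS")
    message = event.get("message")
    if not event.get("service") or not isinstance(message, dict):
        raise ValueError("event needs 'service' and a 'message' object")
    missing = [f for f in CORE_FIELDS if not message.get(f)]
    if missing:
        raise ValueError("message is missing: " + ", ".join(missing))
    # Copy only documented fields so nothing unexpected is forwarded.
    clean = {f: message[f] for f in CORE_FIELDS + INLINE_FIELDS if message.get(f)}
    if password is None:
        password = secrets.token_urlsafe(24)  # random password per download
    body = {
        "download_options": {"compression_password": password},
        # One quarantined email per request, so the array has one element.
        "quarantine_events": [{"service": event["service"], "message": clean}],
    }
    request = urllib.request.Request(
        service_url.rstrip("/") + "/v1/siem/quarantine_mails",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST",
    )
    return request, password


def download(request, out_path, timeout=30):
    """Send the request and write the returned ZIP to out_path."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        data = resp.read()
    with open(out_path, "wb") as fh:
        fh.write(data)
    return len(data)
```

Keep the returned password with the case record and open the archive only on an isolated analysis host, since the ZIP contains the email that triggered the quarantine event.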