Views:
  1. Go to Appliances > Logs > Email Message Tracking.

    The Email Message Tracking screen appears.

  2. Select the risk level by using the drop-down control.
  3. Select a time period.
  4. Select domains from which email messages should be displayed.
  5. To run a basic search, type a keyword in the search text box, and then press ENTER or click the magnifying glass icon.

    By default, Deep Discovery Director (Consolidated Mode) searches Email Messages by Recipients, Email Header (To), Sender, Email Header (From).

  6. To create and apply an advanced search filter, click Advanced.

    For details, see Email Message Tracking Advanced Search Filters.

  7. Click the arrow icon in the left-most column to view detailed information about the email message.

    Field

    Description

    Message ID

    The unique ID for the email message.

    Source IP

    The MTA IP address nearest to the email message sender.

    Sender IP

    The IP address of the email message sender.

    Processing history

    View how Deep Discovery Email Inspector processed the email message. The following are the possible processing actions:

    • Action set to 'pass'

      • The Pass policy action was applied to the email message.

      • A copy of the email message was released by the user. This only applies if the Strip attachments, redirect links to blocking page, and tag and Strip attachments, redirect links to warning page, and tag policies were applied to the original email message.

    • Deleted (reason): The email message was deleted based on content filtering or threat protection rules, DLP policy violations, or from the Quarantine.

    • Delivered: The email message was delivered.

    • Not analyzed: Virtual Analyzer was unable to complete the analysis for the reason specified.

    • Processing completed: Analysis was completed and the email message was discarded. This is the final status in BCC and SPAN/TAP mode.

    • Quarantined (reason): The email message was quarantined in keeping with your Deep Discovery Email Inspector policies. In BCC mode and SPAN/TAP mode, email messages are never quarantined.

    • Queued for delivery: The email message is pending delivery. In BCC mode and SPAN/TAP mode, email messages with this status are queued to be discarded.

    • Received: The email message was received by Deep Discovery Email Inspector.

    • Sent for analysis: The email message was sent to Virtual Analyzer for analysis.

    • Stripped (content filtering/DLP incident/threat): Attachments were stripped from the email message and it was passed for delivery.

    Do any of the following:

    • Quarantined message:

      • View in Detection Details

      • View in Quarantine

    • Non-quarantined message, with high/medium/low risk level:

      View in Detection Details

  8. (Optional) Click the Export icon, select a delimiter to use, and then click OK to export and download the currently filtered list of email message tracking logs to a CSV file with the chosen delimiter.
Parent topic: Email Message Tracking