In addition to basic filters, you can apply advanced filters to query suspicious messages.

  1. Click Show advanced filters.
  2. Specify the information to filter.

    | Filter | Description |
    | --- | --- |
    | Sender | Specify the sender email address. |
    | Email header (To) | Specify a primary recipient email address in the email header. |
    | Message ID | Specify the unique message ID. Example: 20160603021433.F0304120A7A@example.com |
    | Subject | Specify the email message subject. |
    | Direction | Specify the message direction. |
    | Rule | Specify a rule name. |
    | Email header (From) | Specify the author email address in the email header. |
    | URL | Specify a URL. |
    | Source IP | Specify the IP address of the MTA nearest to the email sender. The source IP is the IP address of the attack source, a compromised MTA, or a botnet with mail relay capabilities. A compromised MTA is usually a third-party open mail relay that attackers use to send malicious email messages or spam without detection. Note: The Source IP search filter requires an exact-string match. Deep Discovery Email Inspector does not use fuzzy logic to match search results for the source IP address. |
    | File name | Specify an attachment file name. |
    | Data identifier | Specify a data identifier name. |
    | YARA rule name | Specify the name of a YARA rule. |
    | Recipient | Specify a recipient email address. Only one address is allowed. |
    | Threat name | Specify the threat name provided by Trend Micro. The dashboard widgets and the Detections tab provide information about threat names. For information about threat discovery capabilities, see Scanning / Analysis. |
    | Sender IP | Specify the sender IP address. If you deploy Deep Discovery Email Inspector as an edge MTA in your network, the sender IP address is the public IP address of the external MTA nearest to your network. If you deploy Deep Discovery Email Inspector as a non-edge MTA in your network, the sender IP address is the IP address of the MTA nearest to the edge MTA relay server. Note: The Sender IP search filter requires an exact-string match. Deep Discovery Email Inspector does not use fuzzy logic to match search results for the sender IP address. |
    | Policy | Specify a policy name. |
    | DLP template | Specify a DLP template name. |
    | YARA rule file name | Specify the name of a YARA rule file. |
    | Password-protected attachment | Select email messages that contain a password-protected file. |
    | Manual email submissions | Select email messages that an administrator manually submitted to Deep Discovery Email Inspector for analysis. For more information, see Email Submissions. |

  3. Click Search.
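The exact-string rule for the Source IP and Sender IP filters has a practical consequence when hunting: a partial address or a CIDR typed into the filter matches nothing. The following Python is an added illustration, not Deep Discovery Email Inspector code; the message records, the `search` function's field handling and the local CIDR post-filter are constructed assumptions that mirror the filter descriptions above.

```python
"""Illustrates the exact-string semantics of the Source IP / Sender IP filters
and a local way to narrow exported results to a whole network (constructed
example, not product code)."""
import ipaddress

# Constructed sample detections, shaped like the advanced-filter fields above.
MESSAGES = [
    {"message_id": "20160603021433.F0304120A7A@example.com",
     "sender": "billing@example.com", "source_ip": "203.0.113.25",
     "sender_ip": "203.0.113.25", "recipients": ["alice@example.org"]},
    {"message_id": "20160603021500.AABBCC@example.net",
     "sender": "news@example.net", "source_ip": "203.0.113.250",
     "sender_ip": "198.51.100.7", "recipients": ["bob@example.org"]},
]


def ip_filter_matches(value, candidate):
    """Exact-string match, as the Source IP and Sender IP filters require:
    '203.0.113.2' does not match '203.0.113.25', and a CIDR string never matches."""
    return value == candidate


def search(messages, source_ip=None, sender_ip=None, recipient=None):
    """Apply the exact-match IP filters and the single-address Recipient filter.
    Returns the message IDs of matching records."""
    hits = []
    for m in messages:
        if source_ip is not None and not ip_filter_matches(source_ip, m["source_ip"]):
            continue
        if sender_ip is not None and not ip_filter_matches(sender_ip, m["sender_ip"]):
            continue
        if recipient is not None and recipient not in m["recipients"]:
            continue
        hits.append(m["message_id"])
    return hits


def filter_by_network(messages, cidr, field="source_ip"):
    """Hunting a whole range: the console filter cannot express a CIDR, so
    narrow exported records locally with ipaddress instead (assumed workflow)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [m["message_id"] for m in messages
            if ipaddress.ip_address(m[field]) in net]
```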