Procedure
- Search for the email message.
- Click the arrow next to the email message in the table. The table row expands with more information.
- Discover the email message details.
Email Message Details
The following table explains the email message details that can be viewed after expanding a search result. The displayed fields vary depending on the type of threat detected.

| Field | Description |
|---|---|
| View in Threat Connect | Click View in Threat Connect to get correlated information about suspicious objects detected in your environment and threat data from the Trend Micro Smart Protection Network, which provides relevant and actionable intelligence. |
| View Virtual Analyzer Report | Click View Virtual Analyzer Report to view the analysis report in HTML or PDF format. |
| View Screenshot | Click View Screenshot to safely display the email message as an image. |
| Download | Select an option from the drop-down list to download the information for further investigation. |
| Overview | View the message ID, recipients, last detection time, sender and source IP addresses, and direction of the email message to understand where the message came from and other tracking information. Get information about the policy rules that the email message violates. |
| Messages | View the name of the scanning engine and the category for detected email messages that are considered spam or graymail. |
| Attachments | Get information about any files attached to the email message, including the file name, password, file type, risk level, SHA-1 and SHA-256 hash values, the scan engine that identified the threat, and the name of detected threats. |
| YARA Detection | Get information about the detected files based on matched YARA rules in the associated YARA rule files. |
| Links | Get information about any embedded suspicious URLs that appeared in the email message, including the URL, site category, risk level, extraction source, the scan engine that identified the threat, and the name of detected threats. |
| Message Characteristics | Get information about any characteristics related to social engineering attacks that were detected in the email message, such as the mail server reputation, gaps between transits, inconsistent recipient accounts, forged sender addresses, and unexpected relay servers. |
| Content Keyword/Expression Match | Get information about the content keywords or expressions that are matched in the email message. |
| DLP Incident | Get information about the data identifiers and DLP templates that are matched in the email message, message location, and forensic data. |
| Email Header | View the email message header content. |