Views:
The following table lists the mapping relationships between event types in the request and response.

Event Type Mapping

Requested Event Type
Returned Event Type
Returned Event Subtype
Sample of Returned details Parameter
anti_spoof
Domain-based Authentication
Sender IP Match
-
SPF
DKIM
DMARC
DMARC - SPF
DMARC - DKIM
DMARC - Alignment
DMARC - Availability
threat
Malware
Predictive Machine Learning
 
{
    "threatNames": "Troj,SPY",
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e",
            "threatName": "Troj,SPY"
        }
    ]
}
Pattern-based scanning
Ransomware
-
  • Violating URL
    {
    "urlInfo": [{
            "url": "http://example.com",
            "extractType": "body"
        }
    ]
}
  • Virus
    {
    "threatNames": "Troj",
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e",
            "threatName": "Troj"
        }
    ]
}
Suspicious Objects
Suspicious Files
 
{
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e"
        }
    ]
}
Suspicious URLs
 
{
    "urlInfo": [{
            "url": "http://example.com",
            "extractType": "body"
        }
    ]
}
Advanced Persistent Threat
Analyzed Advanced Threats (Files)
 
{
    "riskLevel": "3",
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e",
            "riskLevel": "3"
        }
    ]
}
Analyzed Advanced Threats (URLs)
 
{
    "riskLevel": "3",
    "urlInfo": [{
            "url": "http://example1.com",
            "extractType": "attachment",
            "attachmentName": "file1.zip",
            "attachmentSha256": "30ce5b4bd4e74f258fea84746b18fdc4790828fc256419b51bf8bcc7e4d38ecc",
            "riskLevel": "3"
        }
    ]
}
Probable Advanced Threats
Note
Note
The details parameter is returned only when the threat is detected by Social Engineering Attack Protection.
 
{
    "spamReport": {
        "enginePatternVersion": "9.0.0.1006;27324006",
        "spamResultHeader": "11-12.747600-7.000000",
        "spamRidHeader": "wjdoQEOKyrY5rof3b4z0VOZgbl4O3Ko30zWxVR+05p1F5bM86HNXD6PFjJEFr+olq+Ty"}
}
Scan Exception
Virtual Analyzer scan exception
-
Virtual Analyzer submission quota exception
Password protected attachment
Other exceptions
Web Reputation
-
 
{
    "urlInfo": [{
            "url": "http://example1.com",
            "extractType": "attachment",
            "attachmentName": "file1.zip",
            "attachmentSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e"
        }, {
            "url": "http://example2.com",
            "extractType": "attachment",
            "attachmentName": "file2.zip",
            "attachmentSha256": "ace8f873c55a3c0ee1d54a2dd1864a47bee3aab36cbeccd0a417e87054758756"
        }
    ]
}
spam
Spam
-
 
{
    "spamReport": {
        "enginePatternVersion": "9.0.0.1006;27324006",
        "spamResultHeader": "11-12.747600-7.000000",
        "spamRidHeader": "wjdoQEOKyrY5rof3b4z0VOZgbl4O3Ko30zWxVR+05p1F5bM86HNXD6PFjJEFr+olq+Ty"}
}
Graymail
Marketing message and newsletter
Social network notification
Forum notification
Bulk email message
phishing
Phishing
Detected by Antispam Engine
 
{
    "spamReport": {
        "enginePatternVersion": "9.0.0.1006;27324006",
        "spamResultHeader": "11-12.747600-7.000000",
        "spamRidHeader": "wjdoQEOKyrY5rof3b4z0VOZgbl4O3Ko30zWxVR+05p1F5bM86HNXD6PFjJEFr+olq+Ty"}
}
Detected by Correlated Intelligence
 
{
    "riskAIMatchedRule": {
        "ruleID":"AP01-005",
        "ruleName":"Quishing Email with Anti-bot Behavior",
        "matchedFilters": [{
            "filterID":"FIL002",
            "filterName":"Newly Observed Sender"
        }, {
            "filterID":"FIL006",
            "filterName":"CAPTCHA Challenge by Suspicious Website"
        }, {
            "filterID":"FIL009",
            "filterName":"QR Code for URL"
        }, {
            "filterID":"FIL012",
            "filterName":"File Sharing Service Abuse"
            }
        ]
    }
}
Business Email Compromise (BEC)
Detected by Antispam Engine
 
{
    "spamReport": {
        "enginePatternVersion": "9.0.0.1006;27324006",
        "spamResultHeader": "11-12.747600-7.000000",
        "spamRidHeader": "wjdoQEOKyrY5rof3b4z0VOZgbl4O3Ko30zWxVR+05p1F5bM86HNXD6PFjJEFr+olq+Ty"}
}
Detected by writing style analysis
Suspected by Antispam Engine
anomaly
Anomaly
Suspicious Email
 
{
	"riskAIScanResult": {
		"riskAIMatchedRule": {
			"ruleID": "AN001",
			"ruleName": "Possible Quishing Email",
			"matchedFilters": [
				{
					"filterID": "FIL002",
					"filterName": "Newly Observed Sender"
				},
				{
					"filterID": "FIL009",
					"filterName": "QR Code for URL"
				}
			]
		}
	}
}
Possibly Unwanted Email
Customized Anomaly
content_filter
Content
-
-
Attachment
-
dlp
Data Loss Prevention
-
-