Email Message Correlation

Threat Investigations can correlate information from Endpoint Sensor, Cloud App Security, and Active Directory to display attack information about an endpoint, user account, and possible email attack vectors throughout your network.


You must properly configure Cloud App Security and Apex Central before you can correlate email message information.

For more information, see Configuring Cloud Service Settings.

The Email Message pane displays information about selected email messages associated with the Analysis Chain and provides further details about users within your organization.

The following table highlights some of the correlated data.




Click to display a list of all of the recipients that received the email message


Click to display a list of all files attached to the email message

Embedded URLs

Click to display a list of all URLs embedded in the email body

Affected Users

Click to display a list of all of the email accounts within your organization that currently contain an email message with the specified file attached