Email Message Correlation

Threat Investigations can correlate information from Endpoint Sensor, Cloud App Security, and Active Directory to display attack information about an endpoint, user account, and possible email attack vectors throughout your network.


You must properly configure Cloud App Security before being able to correlate email message information.

The Email Message pane displays information about selected email messages associated with the Analysis Chain and provides further details about users within your organization.

The following table highlights some of the correlated data.




Click to display a list of all of the recipients that received the email message


Click to displays a list of all files attached to the email message

Embedded URLs

Click to displays a list of all URLs embedded in the email body