JasonAtkins-1661 asked KyleXu-MSFT commented

Creating custom alert policies in Office365

Hi

I am trying to create a new alert policy using the New-ProtectionAlert cmdlet with the following Filter parameters

  1. Mail.IsThreat is $true

  2. Message header 'my-policy-result: fail' exists in an email

My questions are:
1. How/where is the Mail.IsThreat filterable property defined? Is it only settable by EOP or Defender365?
2. Can you define a Filter parameter based on a message header?

Thanks



office-exchange-server-administration

KyleXu-MSFT answered

@JasonAtkins-1661

This tag is mainly dedicated to questions related to Exchange Online. Since your question is related to Office 365, I would suggest you open a service request to confirm with the Office 365 team.

Here are my suggestions; they may be useful to you:

"Mail:IsThreat" belongs to "Malware". If you want to use it, you need to have this add-on subscription below:
[Screenshot: 82120-qa-kyle-10-14-40.png]

If you are not familiar with PowerShell, you can create this policy in the Security and Compliance Center, then use the command below to check it:

 Get-ProtectionAlert -Identity "YourPolicy" | fl filter 

As for whether this alert could filter on a message header, you can also confirm with the Office 365 team.



JasonAtkins-1661 answered KyleXu-MSFT commented

Hi, thanks for the reply.

I will raise the ticket as you suggest. I have a developer E5 license at the moment but will look to see if I can add either of those add-ons to get a bit further.

Out of interest, what did you enter to get the information about ThreatType: Malware?

Thanks


Just the "-ThreatType" in "New-ProtectionAlert"

