EmailPostDeliveryEvents
Office 365 security events occurred post email delivery to recipient mailbox.
Categories
- Security
Solutions
- Microsoft Sentinel
Columns
| Column | Type | Description |
|---|---|---|
| Action | string | Action taken on the entity |
| ActionResult | string | Result of the action |
| ActionTrigger | string | Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or String Delivery |
| ActionType | string | Type of activity that triggered the event |
| DeliveryLocation | string | Delivered email location: Inbox/Folder, On-premises/External, Junk, Quarantine, Failed, Dropped, Deleted items |
| InternetMessageId | string | Public-facing identifier for the email that is set by the sending email system |
| NetworkMessageId | string | Email unique identifier generated by Office 365 |
| RecipientEmailAddress | string | Recipient email address or email address of the recipient after distribution list expansion |
| ReportId | string | Unique identifier for the event |
| SourceSystem | string | |
| TenantId | string | |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated |
| Type | string | The name of the table |