EmailAttachmentInfoEmailAttachmentInfo

重要

已改善的 Microsoft 365 安全性中心 現在已提供公開預覽。The improved Microsoft 365 security center is now available in public preview. 這種新的經驗會將 Defender、Office 365 的 Defender、Microsoft 365 Defender 等,帶入 Microsoft 365 的安全性中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 安全小組現在可以管理所有端點、電子郵件及跨產品調查、設定和修正,而不需要流覽個別的產品入口網站。Security teams can now manage all endpoint, email and cross product investigations, configuration and remediation without the need to navigate to separate product portals. 深入瞭解已變更的專案。Learn more about what's changed.

適用範圍:Applies to:

  • Microsoft 365 DefenderMicrosoft 365 Defender

[!附注] EmailAttachmentInfo 高級搜尋 架構中的表格包含 Microsoft Defender for Office 365 所處理電子郵件附件的相關資訊。The EmailAttachmentInfo table in the advanced hunting schema contains information about attachments on emails processed by Microsoft Defender for Office 365. 使用這個參考來建立從此表格取回之資訊的查詢。Use this reference to construct queries that return information from this table.

如需進階搜捕結構描述中其他表格的資訊,請參閱進階搜捕參考 (部分內容為機器翻譯)。For information on other tables in the advanced hunting schema, see the advanced hunting reference.

欄名稱Column name 資料類型Data type 描述Description
Timestamp datetimedatetime 事件記錄的日期和時間。Date and time when the event was recorded
NetworkMessageId 字串string Microsoft 365 產生之電子郵件的唯一識別碼Unique identifier for the email, generated by Microsoft 365
SenderFromAddress 字串string 電子郵件用戶端上的電子郵件收件者看得到 [寄件者] 標題中的寄件者電子郵件地址Sender email address in the FROM header, which is visible to email recipients on their email clients
SenderDisplayName 字串string 顯示在通訊錄中之寄件者的名稱,通常是指定或名字、中間名首字母的組合,以及姓氏或姓的組合Name of the sender displayed in the address book, typically a combination of a given or first name, a middle initial, and a last name or surname
SenderObjectId 字串string Azure AD 中寄件者帳戶的唯一識別碼Unique identifier for the sender’s account in Azure AD
RecipientEmailAddress 字串string 收件者的電子郵件地址,或通訊群組清單展開後之收件者的電子郵件地址Email address of the recipient, or email address of the recipient after distribution list expansion
RecipientObjectId 字串string Azure AD 中電子郵件收件者的唯一識別碼Unique identifier for the email recipient in Azure AD
FileName 字串string 記錄動作已套用的檔案名稱Name of the file that the recorded action was applied to
FileType 字串string 副檔名類型File extension type
SHA256 字串string 記錄動作已套用的檔案 SHA-256。SHA-256 of the file that the recorded action was applied to. 此欄位通常未填入,可取得時請使用 SHA1 欄。This field is usually not populated — use the SHA1 column when available.
MalwareFilterVerdict 字串string 決定電子郵件是否包含惡意程式碼的電子郵件篩選堆疊:惡意程式碼或非惡意程式碼Verdict of the email filtering stack on whether the email contains malware: Malware, Not malware
MalwareDetectionMethod 字串string 用於偵測電子郵件中惡意程式碼的方法:反惡意程式碼引擎、檔信譽、安全附件Method used to detect malware in the email: Antimalware engine, File reputation, Safe Attachments
ThreatTypes stringstring 從電子郵件篩選棧中判定電子郵件是否包含惡意程式碼、網路釣魚或其他威脅Verdict from the email filtering stack on whether the email contains malware, phishing, or other threats
ThreatNames stringstring 找到惡意程式碼或其他威脅的偵測名稱Detection name for malware or other threats found
DetectionMethods stringstring 用於偵測電子郵件中所發現之惡意程式碼、網路釣魚或其他威脅的方法Methods used to detect malware, phishing, or other threats found in the email
ReportId longlong 以重複計數器為基礎的事件識別碼。Event identifier based on a repeating counter. 若要識別唯一的事件,此資料行必須與 DeviceName 及 Timestamp 資料行一起使用。To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns.