Email

The Email object describes the email metadata such as sender, recipients, and direction.

Attributes

Caption	Name	Type	Description
Cc	`cc`	Email Address[]	The email header Cc values, as defined by RFC 5322.
Data Classification	`data_classification`	Data Classification[]	The Data Classification object includes information about data classification levels and data category types.
Delivered To	`delivered_to`	Email Address	The Delivered-To email header field.
Direction	`direction`	String	The direction of the email, as defined by the `direction_id` value. 🚧 WARNING: DEPRECATED Direction has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Direction ID	`direction_id`	Integer	The direction of the email relative to the scanning host or organization. Email scanned at an internet gateway might be characterized as inbound to the organization from the Internet, outbound from the organization to the Internet, or internal within the organization. Email scanned at a workstation might be characterized as inbound to, or outbound from the workstation. 🚧 WARNING: DEPRECATED Direction ID has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0 `-1`: Other (`OTHER`) `0`: Unknown (`UNKNOWN`) `1`: Inbound (`INBOUND`) `2`: Outbound (`OUTBOUND`) `3`: Internal (`INTERNAL`) `99`: Other (`OTHER`)
From	`from`	Email Address	The email header From values, as defined by RFC 5322.
Message UID	`message_uid`	String	The email header Message-Id value, as defined by RFC 5322.
Raw Data	`raw_data`	JSON	The event data as received from the event source.
Raw Header	`raw_header`	String	The email authentication header.
Recipient Users	`recipient_users`	User[]	The users receiving the email
Record ID	`record_id`	String	Unique identifier for the object
Reply To	`reply_to`	Email Address	The email header Reply-To values, as defined by RFC 5322.
Sender Users	`sender_users`	User[]	The user who sent the email
Size	`size`	Long	The size in bytes of the email, including attachments.
SMTP From	`smtp_from`	Email Address	The value of the SMTP MAIL FROM command.
SMTP Hello	`smtp_hello`	String	The value of the SMTP HELO or EHLO command. 🚧 WARNING: DEPRECATED SMTP Hello has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
SMTP To	`smtp_to`	Email Address[]	The value of the SMTP envelope RCPT TO command.
Subject	`subject`	String	The email header Subject value, as defined by RFC 5322.
To	`to`	Email Address[]	The email header To values, as defined by RFC 5322.
Email UID	`uid`	String	The email unique identifier.
Unmapped Data	`unmapped`	Unmapped[]	The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
X-Originating-IP	`x_originating_ip`	IP Address[]	The X-Originating-IP header identifying the emails originating IP address(es).

Relationships

Inbound Relationships

These objects and events reference Email in their attributes:

Outbound Relationships

Email references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0