email

The Email object describes the email metadata such as sender, recipients, and direction.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Cc | cc | Email Address[] | (Entity:EMAIL_ADDRESS) The machine-readable email header Cc values, as defined by RFC 5322. For example [email protected]. |
| Cc Mailboxes | cc_mailboxes | String[] | The human-readable email header Cc Mailbox values. For example 'Example User <[email protected]>'. |
| Data Classification | data_classification | Data Classification[] | (Group:context) The Data Classification object includes information about data classification levels and data category types. 🚧 WARNING: DEPRECATED. Data Classification has been deprecated since 1.4.0. Use the attribute data_classifications instead. |
| Data Classification | data_classifications | Data Classification[] | (Group:context) A list of Data Classification objects that include information about data classification levels and data category types, identified by a classifier. |
| Delivered To | delivered_to | Email Address | (Entity:EMAIL_ADDRESS) The machine-readable Delivered-To email header field. For example [email protected]. 🚧 WARNING: DEPRECATED. Delivered To has been deprecated since 1.4.0. Use the delivered_to_list attribute instead. |
| Delivered To | delivered_to_list | Email Address[] | (Entity:EMAIL_ADDRESS) The machine-readable Delivered-To email header values. For example [email protected]. |
| Files | files | File[] | (Entity:FILE) The files embedded or attached to the email. |
| From | from | Email Address | (Entity:EMAIL_ADDRESS) The machine-readable email header From values, as defined by RFC 5322. For example [email protected]. |
| From Mailbox | from_mailbox | String | The human-readable email header From Mailbox value. For example 'Example User <[email protected]>'. |
| HTTP Headers | http_headers | HTTP Header[] | Additional HTTP headers of an HTTP request or response. |
| Message UID | message_uid | String | The email header Message-ID value, as defined by RFC 5322. |
| Raw Data | raw_data | JSON | (Group:context) The event data as received from the event source. |
| Raw Header | raw_header | String | The email authentication header. |
| Recipient Users | recipient_users | User[] | (Entity:USER) The users receiving the email. |
| Record ID | record_id | String | (Group:primary) Unique identifier for the object. |
| Reply To | reply_to | Email Address | (Entity:EMAIL_ADDRESS) The machine-readable email header Reply-To values, as defined by RFC 5322. For example [email protected]. 🚧 WARNING: DEPRECATED. Reply To has been deprecated since 1.4.0. Use the reply_to_mailboxes attribute instead. |
| Reply To Mailboxes | reply_to_mailboxes | String[] | The human-readable email header Reply To Mailbox values. For example 'Example User <[email protected]>'. |
| Sender Users | sender_users | User[] | (Entity:USER) The user who sent the email. |
| Size | size | Long | The size in bytes of the email, including attachments. |
| SMTP From | smtp_from | Email Address | (Entity:EMAIL_ADDRESS) The value of the SMTP MAIL FROM command. 🚧 WARNING: DEPRECATED. SMTP From has been deprecated since 1.4.0. Use the from attribute instead. |
| SMTP To | smtp_to | Email Address[] | (Entity:EMAIL_ADDRESS) The value of the SMTP envelope RCPT TO command. 🚧 WARNING: DEPRECATED. SMTP To has been deprecated since 1.4.0. Use the to attribute instead. |
| Subject | subject | String | The email header Subject value, as defined by RFC 5322. |
| To | to | Email Address[] | (Entity:EMAIL_ADDRESS) The machine-readable email header To values, as defined by RFC 5322. For example [email protected]. |
| To Mailboxes | to_mailboxes | String[] | The human-readable email header To Mailbox values. For example 'Example User <[email protected]>'. |
| Email Thread UID | uid | String | The unique identifier of the email thread. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| URLs | urls | Uniform Resource Locator[] | (Entity:UNIFORM_RESOURCE_LOCATOR) The URLs embedded in the email. |
| X-Originating-IP | x_originating_ip | IP Address[] | (Entity:IP_ADDRESS) The X-Originating-IP header identifying the email's originating IP address(es). |

Relationships

Email shown in context

Inbound Relationships

These objects and events reference Email in their attributes:

Outbound Relationships

Email references the following objects and events in its attributes:

This page describes ocsf-1.4.0