Email

email

The Email object describes the email metadata such as sender, recipients, and direction.

Attributes

Caption	Name	Type	Description
Cc	`cc`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable email header Cc values, as defined by RFC 5322. For example `[email protected]`.
Cc Mailboxes	`cc_mailboxes`	String[]	The human-readable email header Cc Mailbox values. For example `'Example User <[email protected]>'`.
Data Classification	`data_classification`	Data Classification[]	Group:`context` The Data Classification object includes information about data classification levels and data category types. 🚧 WARNING: DEPRECATED Data Classification has been deprecated since 1.4.0. Use the attribute `data_classifications` instead
Data Classification	`data_classifications`	Data Classification[]	Group:`context` A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier.
Delivered To	`delivered_to`	Email Address	Entity:`EMAIL_ADDRESS` The machine-readable Delivered-To email header field. For example `[email protected]` 🚧 WARNING: DEPRECATED Delivered To has been deprecated since 1.4.0. Use the `delivered_to_list` attribute instead.
Delivered To	`delivered_to_list`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable Delivered-To email header values. For example `[email protected]`
Files	`files`	File[]	Entity:`FILE` The files embedded or attached to the email.
From	`from`	Email Address	Entity:`EMAIL_ADDRESS` The machine-readable email header From values, as defined by RFC 5322. For example `[email protected]`
From Mailbox	`from_mailbox`	String	The human-readable email header From Mailbox value. For example `'Example User <[email protected]>'`.
HTTP Headers	`http_headers`	HTTP Header[]	Additional HTTP headers of an HTTP request or response.
Message UID	`message_uid`	String	The email header Message-ID value, as defined by RFC 5322.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Raw Header	`raw_header`	String	The email authentication header.
Recipient Users	`recipient_users`	User[]	Entity:`USER` The users receiving the email
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Reply To	`reply_to`	Email Address	Entity:`EMAIL_ADDRESS` The machine-readable email header Reply-To values, as defined by RFC 5322. For example `[email protected]` 🚧 WARNING: DEPRECATED Reply To has been deprecated since 1.4.0. Use the `reply_to_mailboxes` attribute instead.
Reply To Mailboxes	`reply_to_mailboxes`	String[]	The human-readable email header Reply To Mailbox values. For example `'Example User <[email protected]>'`.
Sender Users	`sender_users`	User[]	Entity:`USER` The user who sent the email
Size	`size`	Long	The size in bytes of the email, including attachments.
SMTP From	`smtp_from`	Email Address	Entity:`EMAIL_ADDRESS` The value of the SMTP MAIL FROM command. 🚧 WARNING: DEPRECATED SMTP From has been deprecated since 1.4.0. Use the `from` attribute instead.
SMTP To	`smtp_to`	Email Address[]	Entity:`EMAIL_ADDRESS` The value of the SMTP envelope RCPT TO command. 🚧 WARNING: DEPRECATED SMTP To has been deprecated since 1.4.0. Use the `to` attribute instead.
Subject	`subject`	String	The email header Subject value, as defined by RFC 5322.
To	`to`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable email header To values, as defined by RFC 5322. For example `[email protected]`
To Mailboxes	`to_mailboxes`	String[]	The human-readable email header To Mailbox values. For example `'Example User <[email protected]>'`.
Email Thread UID	`uid`	String	The unique identifier of the email thread.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
URLs	`urls`	Uniform Resource Locator[]	Entity:`UNIFORM_RESOURCE_LOCATOR` The URLs embedded in the email.
X-Originating-IP	`x_originating_ip`	IP Address[]	Entity:`IP_ADDRESS` The X-Originating-IP header identifying the emails originating IP address(es).

Relationships

Inbound Relationships

These objects and events reference Email in their attributes:

Outbound Relationships

Email references the following objects and events in its attributes:

This page describes ocsf-1.4.0