email
The Email object describes the email metadata such as sender, recipients, and direction.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Cc | cc | Email Address[] | Entity:EMAIL_ADDRESSThe machine-readable email header Cc values, as defined by RFC 5322. For example [email protected]. |
| Cc Mailboxes | cc_mailboxes | String[] | The human-readable email header Cc Mailbox values. For example 'Example User <[email protected]>'. |
| Data Classification | data_classification | Data Classification[] | Group:contextThe Data Classification object includes information about data classification levels and data category types.
|
| Data Classification | data_classifications | Data Classification[] | Group:contextA list of Data Classification objects, that include information about data classification levels and data category types, identified by a classifier. |
| Delivered To | delivered_to | Email Address | Entity:EMAIL_ADDRESSThe machine-readable Delivered-To email header field. For example [email protected]
|
| Delivered To List | delivered_to_list | Email Address[] | Entity:EMAIL_ADDRESSThe machine-readable Delivered-To email header values. For example [email protected] |
| Files | files | File[] | Entity:FILEThe files embedded or attached to the email. |
| From | from | Email Address | Entity:EMAIL_ADDRESSThe machine-readable email header From value, as defined by RFC 5322. For example [email protected]. |
| From List | from_list | Email Address[] | Entity:EMAIL_ADDRESSThe machine-readable email header From values. This array should contain the value in from. For example [email protected]. |
| From Mailbox | from_mailbox | String | The human-readable email header From Mailbox value. For example 'Example User <[email protected]>'. |
| From Mailboxes | from_mailboxes | Email Address[] | Entity:EMAIL_ADDRESSThe human-readable email header From Mailbox values. This array should contain the value in from_mailbox. For example 'Example User <[email protected]>'. |
| HTTP Headers | http_headers | HTTP Header[] | Additional HTTP headers of an HTTP request or response. |
| Read | is_read | Boolean | The indication of whether the email has been read. |
| Message UID | message_uid | String | Entity:MESSAGE_UIDThe email header Message-ID value, as defined by RFC 5322. |
| Raw Data | raw_data | JSON | Group:contextThe event data as received from the event source. |
| Raw Header | raw_header | String | The email authentication header. |
| Recipient Users | recipient_users | User[] | Entity:USERThe users receiving the email |
| Record ID | record_id | String | Group:primaryUnique identifier for the object |
| Reply To | reply_to | Email Address | Entity:EMAIL_ADDRESSThe machine-readable email header Reply-To value, as defined by RFC 5322. For example [email protected]
|
| Reply To List | reply_to_list | Email Address[] | Entity:EMAIL_ADDRESSThe machine-readable email header Reply-To values, as defined by RFC 5322. For example [email protected] |
| Reply To Mailboxes | reply_to_mailboxes | String[] | The human-readable email header Reply To Mailbox values. For example 'Example User <[email protected]>'. |
| Return Path | return_path | Email Address | Entity:EMAIL_ADDRESSThe address found in the 'Return-Path' header, which indicates where bounce messages (non-delivery reports) should be sent. This address is often set by the sending system and may differ from the 'From' or 'Sender' addresses. For example, [email protected]. |
| Sender | sender | Email Address | Entity:EMAIL_ADDRESSThe machine readable email address of the system or server that actually transmitted the email message, extracted from the email headers per RFC 5322. This differs from the from field, which shows the message author. The sender field is most commonly used when multiple addresses appear in the from_list field, or when the transmitting system is different from the message author (such as when sending on behalf of someone else). |
| Sender Mailbox | sender_mailbox | String | The human readable email address of the system or server that actually transmitted the email message, extracted from the email headers per RFC 5322. This differs from the from_mailbox field, which shows the message author. The sender mailbox field is most commonly used when multiple addresses appear in the from_mailboxes field, or when the transmitting system is different from the message author (such as when sending on behalf of someone else). |
| Sender Users | sender_users | User[] | Entity:USERThe user who sent the email |
| Size | size | Long | The size in bytes of the email, including attachments. |
| SMTP From | smtp_from | Email Address | Entity:EMAIL_ADDRESSThe value of the SMTP MAIL FROM command.
|
| SMTP To | smtp_to | Email Address[] | Entity:EMAIL_ADDRESSThe value of the SMTP envelope RCPT TO command.
|
| Subject | subject | String | Entity:EMAIL_OBJECT_SUBJECTThe email header Subject value, as defined by RFC 5322. |
| To | to | Email Address[] | Entity:EMAIL_ADDRESSThe machine-readable email header To values, as defined by RFC 5322. For example [email protected] |
| To Mailboxes | to_mailboxes | String[] | The human-readable email header To Mailbox values. For example 'Example User <[email protected]>'. |
| Email Thread UID | uid | String | Entity:EMAIL_OBJECT_UIDThe unique identifier of the email thread. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| URLs | urls | Uniform Resource Locator[] | Entity:UNIFORM_RESOURCE_LOCATORThe URLs embedded in the email. |
| X-Originating-IP | x_originating_ip | IP Address[] | Entity:IP_ADDRESSThe X-Originating-IP header identifying the emails originating IP address(es). |
Relationships
Inbound Relationships
These objects and events reference Email in their attributes:
Outbound Relationships
Email references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0