ProofpointPOD_message_CL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Tables Index

Attribute Value
Custom Log V1 Yes 🔶 — uses type-suffixed column names
Ingestion API Supported ✓ Yes

Contents

Schema (110 columns)

Source: KQL validation test schema

Column Name Type
connection_country_s string
connection_helo_s string
connection_host_s string
connection_ip_s string
connection_protocol_s string
connection_resolveStatus_s string
connection_sid_s string
connection_tls_inbound_cipher_s string
connection_tls_inbound_cipherBits_d real
connection_tls_inbound_version_s string
envelope_from_s string
envelope_fromHashed_s string
envelope_rcpts_s string
envelope_rcptsHashed_s string
event_type_s string
EventProduct string
EventVendor string
filter_actions_s string
filter_disposition_s string
filter_durationSecs_d real
filter_modules_av_virusNames_s string
filter_modules_dkimv_s string
filter_modules_dmarc_alignment_s string
filter_modules_dmarc_authResults_s string
filter_modules_dmarc_filterdResult_s string
filter_modules_dmarc_records_s string
filter_modules_dmarc_srvid_s string
filter_modules_pdr_v2_response_s string
filter_modules_pdr_v2_rscore_d real
filter_modules_spam_charsets_s string
filter_modules_spam_langs_s string
filter_modules_spam_safeBlockedListMatches_s string
filter_modules_spam_scores_classifiers_s string
filter_modules_spam_scores_engine_d real
filter_modules_spam_scores_overall_d real
filter_modules_spam_triggeredClassifier_s string
filter_modules_spam_version_definitions_s string
filter_modules_spam_version_engine_s string
filter_modules_spf_domain_s string
filter_modules_spf_result_s string
filter_modules_urldefense_counts_noRewriteIsEmail_d real
filter_modules_urldefense_counts_noRewriteIsExcludedDomain_d real
filter_modules_urldefense_counts_noRewriteIsLargeMsgPartSize_d real
filter_modules_urldefense_counts_noRewriteIsMaxLengthExceeded_d real
filter_modules_urldefense_counts_noRewriteIsSchemeless_d real
filter_modules_urldefense_counts_noRewriteIsUnsupportedScheme_d real
filter_modules_urldefense_counts_rewritten_d real
filter_modules_urldefense_counts_total_d real
filter_modules_urldefense_counts_unique_d real
filter_modules_urldefense_version_engine_s string
filter_modules_zerohour_score_s string
filter_msgSizeBytes_d real
filter_origGuid_s string
filter_qid_s string
filter_quarantine_folder_s string
filter_quarantine_rule_s string
filter_routeDirection_s string
filter_routes_s string
filter_startTime_t datetime
filter_suborgs_rcpts_s string
filter_suborgs_sender_s string
filter_throttleIp_s string
filter_verified_rcpts_s string
filter_verified_rcptsHashed_s string
guid_s string
metadata_origin_data_agent_s string
metadata_origin_data_cid_s string
metadata_origin_data_version_s string
msg_header_cc_s string
msg_header_ccHashed_s string
msg_header_from_s string
msg_header_fromHashed_s string
msg_header_message_id_s string
msg_header_reply_to_s string
msg_header_reply_toHashed_s string
msg_header_return_path_s string
msg_header_return_pathHashed_s string
msg_header_subject_s string
msg_header_to_s string
msg_header_toHashed_s string
msg_header_x_mailer_s string
msg_header_x_originating_ip_s string
msg_lang_s string
msg_normalizedHeader_cc_s string
msg_normalizedHeader_ccHashed_s string
msg_normalizedHeader_from_s string
msg_normalizedHeader_fromHashed_s string
msg_normalizedHeader_message_id_s string
msg_normalizedHeader_reply_to_s string
msg_normalizedHeader_reply_toHashed_s string
msg_normalizedHeader_return_path_s string
msg_normalizedHeader_return_pathHashed_s string
msg_normalizedHeader_subject_s string
msg_normalizedHeader_to_s string
msg_normalizedHeader_toHashed_s string
msg_normalizedHeader_x_mailer_s string
msg_normalizedHeader_x_originating_ip_s string
msg_parsedAddresses_cc_s string
msg_parsedAddresses_ccHashed_s string
msg_parsedAddresses_from_s string
msg_parsedAddresses_fromHashed_s string
msg_parsedAddresses_to_s string
msg_parsedAddresses_toHashed_s string
msg_sizeBytes_d real
msgParts_s string
pps_agent_s string
pps_cid_s string
pps_version_s string
TimeGenerated datetime
ts_t datetime

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
[Deprecated] Proofpoint On Demand Email Security

Content Items Using This Table (23)

Analytic Rules (10)

In solution Proofpoint On demand(POD) Email Security:

Analytic Rule Selection Criteria
ProofpointPOD - Binary file in attachment
ProofpointPOD - Email sender IP in TI list
ProofpointPOD - Email sender in TI list
ProofpointPOD - High risk message not discarded
ProofpointPOD - Multiple archived attachments to the same recipient
ProofpointPOD - Multiple large emails to the same recipient
ProofpointPOD - Multiple protected emails to unknown recipient
ProofpointPOD - Possible data exfiltration to private email
ProofpointPOD - Suspicious attachment
ProofpointPOD - Weak ciphers

Hunting Queries (10)

In solution Proofpoint On demand(POD) Email Security:

Hunting Query Selection Criteria
ProofpointPOD - Emails with high score of 'adult' filter classifier value
ProofpointPOD - Emails with high score of 'malware' filter classifier value
ProofpointPOD - Emails with high score of 'phish' filter classifier value
ProofpointPOD - Emails with high score of 'spam' filter classifier value
ProofpointPOD - Emails with high score of 'suspect' filter classifier value
ProofpointPOD - Large size outbound emails
ProofpointPOD - Recipients with high number of discarded or rejected emails
ProofpointPOD - Recipients with large number of corrupted emails
ProofpointPOD - Senders with large number of corrupted messages
ProofpointPOD - Suspicious file types in attachments

Workbooks (3)

In solution Proofpoint On demand(POD) Email Security:

Workbook Selection Criteria
ProofpointPOD

GitHub Only:

Workbook Selection Criteria
ProofPointThreatDashboard
ProofpointPOD

Parsers Using This Table (1)

Other Parsers (1)

Parser Solution Selection Criteria
ProofpointPOD Proofpoint On demand(POD) Email Security

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Tables Index