API Reference

Email Security

Investigate

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Detections

Get message detection details

client.emailSecurity.investigate.detections.get(stringinvestigateId, DetectionGetParams { account_id } params, RequestOptionsoptions?): DetectionGetResponse { action, attachments, findings, 6 more }

GET/accounts/{account_id}/email-security/investigate/{investigate_id}/detections

ModelsExpand Collapse

DetectionGetResponse { action, attachments, findings, 6 more }

action: string

attachments: Array<Attachment>

size: number

Size of the attachment in bytes

minimum0

content_type?: string | null

MIME type of the attachment

detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null

Detection result for this attachment

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

encrypted?: boolean | null

Whether the attachment is encrypted

filename?: string | null

Name of the attached file

md5?: string | null

MD5 hash of the attachment

name?: string | null

Attachment name (alternative to filename)

sha1?: string | null

SHA1 hash of the attachment

sha256?: string | null

SHA256 hash of the attachment

findings: Array<Finding> | null

attachment?: string | null

detail?: string | null

detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

field?: string | null

name?: string | null

portion?: string | null

reason?: string | null

score?: number | null

formatdouble

value?: string | null

headers: Array<Header>

name: string

value: string

links: Array<Link>

href: string

text?: string | null

sender_info: SenderInfo { as_name, as_number, geo, 2 more }

as_name?: string | null

The name of the autonomous system.

as_number?: number | null

The number of the autonomous system.

geo?: string | null

ip?: string | null

pld?: string | null

threat_categories: Array<ThreatCategory>

id?: number

description?: string | null

name?: string | null

validation: Validation { comment, dkim, dmarc, spf }

comment?: string | null

dkim?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

dmarc?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

spf?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"