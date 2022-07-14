Available parameters
You can pull information for a message in search detections using the following parameters:
- From (
envelope_from)
- From Name
- To (any) (
envelope_to)
- To Name (any)
- Cc (any)
- ReplyTo
- Subject (any)
- Sent DateTime (formatted as
YYYY-MM-DDTHH:MM:SS)
- Received DateTime (formatted as
YYYY-MM-DDTHH:MM:SS)
- final_disposition
- alert_id
- sha256 (attachments)
- ssdeep (attachments)
- name (attachments)
- md5 (attachments)
- Message-ID
- smtp_helo_server_ip
- smtp_previous_hop_ip
- x_originating_ip
- Reason(s) for Detection
Data retention
For Area 1 Horizon Enterprise customers, detections search would index for amperiod of 12 months and rotate over to a rolling 12-month period.
For Area 1 Horizon Advantage customers, detections search would index for 3 months and rotate over to a rolling 3-month period.