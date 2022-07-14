Available parameters

You can pull information for a message in search detections using the following parameters:

From ( envelope_from )

) From Name

To (any) ( envelope_to )

) To Name (any)

Cc (any)

ReplyTo

Subject (any)

Sent DateTime (formatted as YYYY-MM-DDTHH:MM:SS )

) Received DateTime (formatted as YYYY-MM-DDTHH:MM:SS )

) final_disposition

alert_id

sha256 (attachments)

ssdeep (attachments)

name (attachments)

md5 (attachments)

Message-ID

smtp_helo_server_ip

smtp_previous_hop_ip

x_originating_ip

Reason(s) for Detection

​​ Data retention

For Area 1 Horizon Enterprise customers, detections search would index for amperiod of 12 months and rotate over to a rolling 12-month period.

For Area 1 Horizon Advantage customers, detections search would index for 3 months and rotate over to a rolling 3-month period.