Cloudflare Docs
Area 1 Email Security
Area 1 Email Security
Edit this page on GitHub
Set theme to dark (⇧+D)

Available parameters

You can pull information for a message in search detections using the following parameters:

  • From (envelope_from)
  • From Name
  • To (any) (envelope_to)
  • To Name (any)
  • Cc (any)
  • ReplyTo
  • Subject (any)
  • Sent DateTime (formatted as YYYY-MM-DDTHH:MM:SS)
  • Received DateTime (formatted as YYYY-MM-DDTHH:MM:SS)
  • final_disposition
  • alert_id
  • sha256 (attachments)
  • ssdeep (attachments)
  • name (attachments)
  • md5 (attachments)
  • Message-ID
  • smtp_helo_server_ip
  • smtp_previous_hop_ip
  • x_originating_ip
  • Reason(s) for Detection

​​ Search terms

In addition to the message parameters above, you can use these additional detection search strings:

  • phish_submission
  • phish_submission_response
  • user_submission
  • team_submission
  • auto-retraction
  • browser_isolation_rewrite

For disposition-specific submission searches, refer to Service Addresses in the Area 1 dashboard.

​​ Data retention

For Area 1 Horizon Enterprise customers, detections search would index for a period of 12 months and rotate over to a rolling 12-month period.

For Area 1 Horizon Advantage customers, detections search would index for three months and rotate over to a rolling 3-month period.