Values of fields in the body of CEF messages for classes of Quarantine group events
4 July 2024
ID 151772
In the body of CEF messages for classes of Quarantine group events, you can use keys in accordance with their semantics (see the table below).
Permissible values of the fields for classes of Quarantine group events
Key | Value |
---|---|
cs1 | Message ID. |
cs1Label | Its value is always |
cs2 | List of rules separated with commas. |
cs2Label | Its value is always |
cs3 | Account under which the action was performed on the message. |
cs3Label | Its value is always |
src | IP address from which the message was received. |
duser | List of message recipients. |
suser | Mail sender. |
act | Action performed on the message ( |
Each class of Quarantine group events can contain only keys that are relevant to it (see the table below).
Relevant keys for classes of Quarantine group events
Event class | Relevant keys |
---|---|
LMS_EV_ASP_QUARANTINE | cs1, cs1Label, src, suser, cs3, cs3Label, act |
LMS_EV_KATA_QUARANTINE | cs1, cs1Label, cs2, cs2Label, suser, duser, act, cs3, cs3Label |