Commit 0996724

Get-MailTrafficATPReport and Get-MailDetailATPReport EventType updates per PM
1 parent e690aaa commit 0996724

2 files changed

+52
-30
lines changed

exchange/exchange-ps/exchange/advanced-threat-protection/Get-MailDetailATPReport.md

Lines changed: 25 additions & 15 deletions
@@ -94,35 +94,45 @@ Accept wildcard characters: False
9494
### -EventType
9595
The EventType parameter filters the report by the event type. Valid values are:
9696
97-
- Advanced phish filter\*
97+
Email phish EventTypes:
9898
99-
- Anti-malware engine
99+
- Advanced phish filter (Indicates a message caught by the Office 365 machine learning model.)
100100
101-
- ATP safe attachments\*
101+
- Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
102102
103-
- ATP safe links\*
103+
- Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.)
104104
105-
- Anti-spoof: Intra-org
105+
- Domain impersonation\* (Indicates a message impersonating a domain protected by an anti-phish policy.)
106106
107-
- Anti-spoof: external domain\*
107+
- User impersonation\* (Indicates a message impersonating a user protected by an anti-phish policy.)
108108
109-
- Domain impersonation\*
109+
- Brand impersonation (Indicates a message caught by Office 365 phish filters as impersonating a known brand.)
110110
111-
- General phish filter
111+
- General phish filter (Indicates a message caught by basic Office 365 phish protection.)
112112
113-
- Malicious URL reputation
113+
- Malicious URL reputation (Indicates a message with a known malicious URL caught by Office 365 phish filters.)
114114
115-
- URL detonation\*
115+
- Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
116116
117-
- Message passed
117+
Email malware EventTypes:
118118
119-
- Phish ZAP
119+
- Anti-malware engine (Indicates a message caught by the Office 365 anti-malware engine.)
120120
121-
- User impersonation\*
121+
- ATP safe attachments\* (Indicates a message with a malicious attachment blocked by ATP.)
122122
123-
- Brand impersonation
123+
- ATP safe links\* (Indicates when a malicious link is blocked by ATP.)
124124
125-
- ZAP
125+
- ZAP (Indicates a message with malware detected and auto-purged after delivery.)
126+
127+
- Office 365 file reputation (Indicates a message with a known malicious file blocked.)
128+
129+
- Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
130+
131+
Content malware EventTypes:
132+
133+
- AtpDocumentMalware\* (Indicates malicious content detected by ATP Safe Attachments in the cloud.)
134+
135+
- AvDocumentMalware (Indicates malware found by the Office 365 anti-malware engine. Reporting requires ATP or E5.)
126136
127137
\* These features require a standalone Office 365 ATP or E5 subscription.
128138
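
Review bot: The AvDocumentMalware entry at the end of the list says "Reporting requires ATP or E5" but carries no \*, while the footnote just below says \* marks features that require a standalone Office 365 ATP or E5 subscription; either add the \* or reword the parenthetical so the two agree. The same question applies to "Advanced phish filter" and "Anti-spoof: external domain", which lose their \* in this change: confirm the licensing requirement really changed for them. "Message passed" and "URL detonation\*" are removed from this file with no replacement or note, so the description should say whether those values are no longer accepted by Get-MailDetailATPReport.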

exchange/exchange-ps/exchange/advanced-threat-protection/Get-MailTrafficATPReport.md

Lines changed: 27 additions & 15 deletions
@@ -152,35 +152,47 @@ Accept wildcard characters: False
152152
### -EventType
153153
The EventType parameter filters the report by the event type. Valid values are:
154154
155-
- Advanced phish filter\*
155+
- Message passed (Indicates a good message.)
156156
157-
- Anti-malware engine
157+
Email phish EventTypes:
158158
159-
- ATP safe attachments\*
159+
- Advanced phish filter (Indicates a message caught by the Office 365 machine learning model.)
160160
161-
- ATP safe links\*
161+
- Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
162162
163-
- Anti-spoof: Intra-org
163+
- Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.)
164164
165-
- Anti-spoof: external domain\*
165+
- Domain impersonation\* (Indicates a message impersonating a domain protected by an anti-phish policy.)
166166
167-
- Domain impersonation\*
167+
- User impersonation\* (Indicates a message impersonating a user protected by an anti-phish policy.)
168168
169-
- General phish filter
169+
- Brand impersonation (Indicates a message caught by Office 365 phish filters as impersonating a known brand.)
170170
171-
- Malicious URL reputation
171+
- General phish filter (Indicates a message caught by basic Office 365 phish protection.)
172172
173-
- URL detonation\*
173+
- Malicious URL reputation (Indicates a message with a known malicious URL caught by Office 365 phish filters.)
174174
175-
- Message passed
175+
- Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
176176
177-
- Phish ZAP
177+
Email malware EventTypes:
178178
179-
- User impersonation\*
179+
- Anti-malware engine (Indicates a message caught by the Office 365 anti-malware engine.)
180180
181-
- Brand impersonation
181+
- ATP safe attachments\* (Indicates a message with a malicious attachment blocked by ATP.)
182182
183-
- ZAP
183+
- ATP safe links\* (Indicates when a malicious link is blocked by ATP.)
184+
185+
- ZAP (Indicates a message with malware detected and auto-purged after delivery.)
186+
187+
- Office 365 file reputation (Indicates a message with a known malicious file blocked.)
188+
189+
- Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
190+
191+
Content malware EventTypes:
192+
193+
- AtpDocumentMalware\* (Indicates malicious content detected by ATP Safe Attachments in the cloud.)
194+
195+
- AvDocumentMalware (Indicates malware found by the Office 365 anti-malware engine. Reporting requires ATP/E5.)
184196
185197
\* These features require a standalone Office 365 ATP or E5 subscription.
186198
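
Review bot: Under "Valid values are:", the group labels ("Email phish EventTypes:", "Email malware EventTypes:", "Content malware EventTypes:") sit as plain lines among the bullets and every value now has a parenthetical description appended, so it is not obvious which exact string to pass to -EventType; consider putting the literal value in code formatting or separating it from its description with a colon. "ATP safe links\*" is listed under "Email malware EventTypes" although its description is about a malicious link, so that grouping is worth checking. The AvDocumentMalware line here reads "Reporting requires ATP/E5." while Get-MailDetailATPReport.md has "ATP or E5"; use one wording in both files.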
