EmailPostDeliveryEvents 表的查询

项目
11/11/2024

有关在 Azure 门户中使用这些查询的信息，请参阅 Log Analytics 教程。有关 REST API，请参阅查询。

交付后管理员操作

显示管理员执行的交付后操作。

EmailPostDeliveryEvents
| where ActionTrigger == 'AdminAction'
| take 100

未处理的交付后网络钓鱼电子邮件检测

显示未处理的交付后网络钓鱼电子邮件检测。

EmailPostDeliveryEvents
| where ActionType == 'Phish ZAP' and ActionResult == 'Error'
| join EmailEvents on NetworkMessageId, RecipientEmailAddress  
| take 100

完整电子邮件处理详细信息

按发送方和主题包含预定义的交付后操作或自动规则的电子邮件。

let mySender = "<insert sender email address>";
let subject = "<insert email subject>";
EmailEvents
| where SenderFromAddress == mySender and Subject == subject
| join EmailPostDeliveryEvents on NetworkMessageId, RecipientEmailAddress 
| take 100