Cloudflare Docs

Cloudflare Docs

Area 1 Email Security

Overview
Setup
Inline
Setup
Reference
Egress IPs
API
Setup
Account setup
Manage account members
Escalation contacts
Manage parent permissions
SSO integration
Permissions
Email configuration
Domains and routing
Domains
Alert Webhooks
Partner Domains TLS
Email policies
Text add-ons
Allow and block lists
Allowed patterns
Trusted domains
Block lists
Enhanced detections
Business email compromise (BEC)
Added Detections
Retract settings
Phish submissions
Admin Quarantine
Reporting
Detection search
Available parameters
Mail Trace
Phish reports
SIEM integration
API
Service accounts
Partners
Reference
How we detect phish
Dispositions and attributes
Language support

Available parameters

You can pull information for a message in search detections using the following parameters:

From (envelope_from)
From Name
To (any) (envelope_to)
To Name (any)
Cc (any)
ReplyTo
Subject (any)
Sent DateTime (formatted as YYYY-MM-DDTHH:MM:SS)
Received DateTime (formatted as YYYY-MM-DDTHH:MM:SS)
final_disposition
alert_id
sha256 (attachments)
ssdeep (attachments)
name (attachments)
md5 (attachments)
Message-ID
smtp_helo_server_ip
smtp_previous_hop_ip
x_originating_ip
Reason(s) for Detection

Data retention

For Area 1 Horizon Enterprise customers, detections search would index for amperiod of 12 months and rotate over to a rolling 12-month period.

For Area 1 Horizon Advantage customers, detections search would index for 3 months and rotate over to a rolling 3-month period.