| Field | Type | Description |
| --- | --- | --- |
| id | string | Unique incident identifier. |
| sender | string | Email address of the message sender. |
| subject | string | Email message subject line. |
| status | string | Current status or verdict for the email message. |
| severity | string | Incident severity based on data pattern sensitivity. |
| data_patterns | array | Data patterns that matched in the email content. |
| match_count | integer | Total number of data pattern matches across all patterns. |
| timestamp | string | Timestamp when the incident was detected. |
| has_attachments | boolean | Whether the email contained attachments. |
| attachment_count | integer | Number of attachments in the email. |
| direction | string | Direction of the email message. |
| action_taken | string | Automated action taken on the message. |
| reviewed_by | string | Email address of the analyst who reviewed the incident. |
| reviewed_at | string | Timestamp when the incident was last reviewed. |
| comment | string | Comment added during verdict review. |