Email Activity View
From the Email Activity view, in the Email Diary, you can review and filter information about emails sent from email clients on ObserveIT monitored endpoints. Tracking emails sent and related metadata can help you identify instances of data exfiltration.
For more information, see Email Clients Monitoring and Visibility.
To open the Email Activity view
-
From the Email Diary, the Email Activity page opens by default, showing a list of email activities during the default period of time (Last Month). By default, the Email Activity View displays file events in reverse chronological order, so that the most recent events appear at the top of the list, making them easy to identify.
The number of activities on the page out of the total number of activities is displayed. By default, the page shows up to 20 activities; you can change the default by selecting 50 or 100 from the Items per page drop-down list above the table.
For each email sent, the following information is displayed according to the filters you define.
| Field | Description |
|---|---|
| Time |
Time the email activity took place. An alert bell icon |
| Subject | Subject field of the email. |
| From | From field of the email. |
| Recipients | All recipients, from the To, Cc and Bcc fields of the email. |
| Attachments |
Filename(s) and file size of email attachments. If the a MIP label has been assigned to the attachment, it will display when you hover over it. |
| Login | Login name of the user that ran the session in which the email activity occurred. |
| Endpoint Name/IP |
Endpoint name or IP address of the endpoint on which the email activity occurred. See Viewing Endpoint and Client Names and IP Addresses. |
|
Clicking the icon opens to the Timeline view. (See Session Details Views.) |
|
Video icon |
Clicking the video icon alongside an activity enables you to replay a video of the session. The Session Player opens at the exact location at which the activity occurred (see Replaying User Sessions). |
Each line in the view, represents an email sent. When you click the drop-down arrow 
, the email details are displayed. The details show the subject, to and from of the email. If a file is attached to the email, you can see that as well.
If you hover over an attached file, you can see any MIP label details.
The table describes the available filters you can use when displaying Email activity.
|
Filter |
Description |
|---|---|
| Period | Time period or date range during which the email events occurred. |
| Subject | Some or all of the text from the email Subject field. |
| From | Some or all of the text from the email From field. |
| Recipient | Some or all of the text from the email To field. |
| Recipient domains |
Domains to which email was sent. Select the domain from the drop-down list. This list is aggregated from all the domains to which the user sent emails.
|
| Recipient domains type |
Show emails
|
| Attachment name | Filename of the attachment. |
| Attachment existence | Show emails with which have or do have attachments. The options are Any, Has attachment, Without attachment. |
| Endpoint | Show email activities according to the endpoints on which the email activity occurred, select a specific endpoint from the list of available endpoints, or select All. |
| User Login | Show email events according to the login name of the user that ran the session in which the email activities occurred, select a specific login/ name from the list, or select All. |
Click 
for More Filters.
| Field | Description |
|---|---|
| To: | Filter by monitored email To field. You can include all or part of the text. |
| Cc | Filter by monitored email Cc field. You can include all or part of the text. |
| Bcc | Filter by monitored email Bcc field. You can include all or part of the text. |
|
Total attachment size |
Maximum or minimum size of all file attachments to the email. File size is in KB. (The conversion ration is 1 KB is 1000 bytes.) |
Related Topics: