Detection Search
Detection Search allows you to search through and view all emails that Area 1 has marked with a detection disposition. Each message includes the raw message with its headers, as well as any associated Area 1 dispositions and processing information.
You would commonly use Detection Search to get visibility into why and when Area 1 marked a message with a specific disposition.
Use Detection Search
To access Detection Search in the dashboard:
- Log in to the Area 1 dashboard.
- Select the Search bar.
- Enter anything related to a specific detection (for more guidance, refer to search tips).
- Review the results.
- To view the information contained in an email, including a protected preview and the raw SMTP headers, select Details. You can also Download a message.
Search tips
Parameter filtering
To search for specific values in one of the available parameters, format your search to be:
<<FIELD_NAME>>:<<VALUE>>
For example, you might search for final_disposition:MALICIOUS. Refer to our reference material for a full list of dispositions.
message_id
For normal queries, spaces split search terms into different values. For example, billing statement would look for all messages that contain both billing and statement.
However, spaces, quotations, and other characters are sometimes part of the message_id parameter. To ensure these values are included as part of filtering on the message ID, you should prefix the message_id value with message_id.
For example, the following query would find all messages that contain the terms billing and statement and have a message_id equal to <Amazon aws Support@email.amazonses.com>.
billing statement message_id:<Amazon aws Support@email.amazonses.com>
Additional notes
When searching for phrases, some terms (such as words less than three characters and certain escape words like "and", "the", "then", "their") are not tokenized. Our search will automatically ignore these terms, both in your search query and in the proposed results.
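The search tips above can be applied when triaging a reported email: the following added example (not Area 1 code) builds a Detection Search string from a message's raw headers. The function names are hypothetical, the sample message is constructed, the ignored-word list contains only the four words this page names, and placing the message_id filter last is an assumption taken from the page's example query.

```python
import re
from email import message_from_string

# Escape words named on this page; the product's full list may be longer.
UNTOKENIZED = {"and", "the", "then", "their"}


def searchable_terms(text):
    """Return the words the search would keep: 3+ characters, not escape words."""
    terms, seen = [], set()
    for word in re.findall(r"[A-Za-z0-9]+", text):
        key = word.lower()
        if len(key) < 3 or key in UNTOKENIZED or key in seen:
            continue
        seen.add(key)
        terms.append(word)
    return terms


def build_query(raw_message, disposition=None):
    """Build a Detection Search string from a raw message's Subject and Message-ID."""
    msg = message_from_string(raw_message)  # compat32 policy: header values stay raw
    parts = searchable_terms(msg.get("Subject", ""))
    if disposition:
        parts.append(f"final_disposition:{disposition}")
    message_id = msg.get("Message-ID")
    if message_id:
        # The value may contain spaces, so it is prefixed with the field name.
        # Assumption: the filter goes last, as in the page's example query.
        parts.append(f"message_id:{message_id.strip()}")
    return " ".join(parts)


# Constructed sample headers, reusing the message ID from the page's example.
SAMPLE = (
    "From: billing@example.com\n"
    "Subject: The billing statement\n"
    "Message-ID: <Amazon aws Support@email.amazonses.com>\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(build_query(SAMPLE))
    print(build_query(SAMPLE, disposition="MALICIOUS"))
```

Paste the resulting string into the Search bar; the first call reproduces the example query shown under message_id.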