krish5music
asked on
Need assistance on exporting Transport rules incident report as CSV
Hello All,
I have enabled an incident report on Transport Rules in Exchange 2016. It sends the below information to a specific mailbox.
I would like to get this as a report in CSV format, with the below-mentioned headings as columns. Is it possible?
I already tried the Search-Mailbox -logonly option, but it does not show the below information in CSV.
Report Id: xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxx xxxx
This email was automatically generated by the Generate Incident Report action.
Message Id: xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxx
Sender: xxxxxxxxxxxxxxxxxx
Subject : ABC
To: xyz@abc.com
Severity: High
Override: No
False Positive: No
Data Classification: Credit Card Number, Count: 1, Unique Count: 1, Confidence: 80, Recommended Minimum Confidence: 85, Location: CCD.txt
Rule Hit: Sensitive information, Action: AuditSeverityLevel, RejectMessage, GenerateIncidentReport
Location: CCD.txt
ID Match: Credit Card Number, Value: xxxxxxxxxxxxx,
Context: Credit Card xxxxxxxxxxxxxxx
Thanks
Krish
The only way to get this exact information in a CSV file is to use some EWS code to locate the message inside the mailbox you use for incident reports and fetch the content from there. You can just fetch the incident report from the message tracking logs instead: https://docs.microsoft.com/en-us/exchange/view-dlp-policy-detection-reports-exchange-2013-help
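Once the report bodies have been fetched from the mailbox, turning them into CSV rows is a text-parsing job. The following is an added example, not part of the original thread: the function name `ConvertFrom-IncidentReport`, the output path and the sample values are assumptions, and it expects each body as plain text in the layout shown in the question.

```powershell
# Constructed sample: one incident report body with the field names from the
# question; every value is a placeholder.
$sampleBody = @'
Report Id: 00000000-placeholder
This email was automatically generated by the Generate Incident Report action.
Message Id: <placeholder@abc.com>
Sender: sender@abc.com
Subject : ABC
To: xyz@abc.com
Severity: High
Override: No
False Positive: No
Data Classification: Credit Card Number, Count: 1, Unique Count: 1, Confidence: 80, Recommended Minimum Confidence: 85, Location: CCD.txt
Rule Hit: Sensitive information, Action: AuditSeverityLevel, RejectMessage, GenerateIncidentReport
Location: CCD.txt
ID Match: Credit Card Number, Value: 0000-placeholder,
Context: Credit Card 0000-placeholder
'@

# CSV columns, in order. "ID Match" and "Context" carry the matched value and are
# left out so the card data is not copied into a second file.
$columns = 'Report Id','Message Id','Sender','Subject','To','Severity',
           'Override','False Positive','Data Classification','Rule Hit'

function ConvertFrom-IncidentReport {
    param([Parameter(Mandatory)][string]$Body)
    $row = [ordered]@{}
    foreach ($c in $columns) { $row[$c] = '' }
    foreach ($line in $Body -split '\r?\n') {
        # Split on the first colon only, so "Count: 1" stays inside the value.
        if ($line -notmatch '^\s*([^:]+?)\s*:\s*(.*)$') { continue }
        $name  = $Matches[1]
        $value = $Matches[2].Trim().TrimEnd(',')
        if (-not $row.Contains($name)) { continue }
        # Subject and Sender are sender-controlled: neutralise spreadsheet formulas.
        if ($value -match '^[=+\-@]') { $value = "'" + $value }
        # A report may list several classifications or rule hits; join them.
        $row[$name] = if ($row[$name]) { "$($row[$name]); $value" } else { $value }
    }
    [pscustomobject]$row
}

# $bodies stands for the report bodies fetched from the incident mailbox.
$bodies = @($sampleBody)
$bodies | ForEach-Object { ConvertFrom-IncidentReport -Body $_ } |
    Export-Csv -Path .\IncidentReports.csv -NoTypeInformation -Encoding UTF8
```

If the reports arrive as HTML, convert the body to plain text before passing it to the function.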
ASKER
Hi Vasil,
Can you please provide some tutorials or articles that describe example EWS code for listing email items from a mailbox?
Thanks
Krish