哪个警报时间戳(createTime 或 endTime)与电子邮件的时间相关 "REMOVED_FROM_INBOX"
Which alert timestamp (createTime or endTime) correlates to the time an email was "REMOVED_FROM_INBOX"
如果 systemActionType 状态为“REMOVED_FROM_INBOX”,是否有人知道警报中显示的哪个时间戳与电子邮件从收件箱中删除的实际时间相关?
我的问题特定于“Gmail 网络钓鱼”警报源 (https://developers.google.com/admin-sdk/alertcenter/reference/alert-types)。我还没有看到在网络钓鱼重新分类的警报 createTime 之后的结束时间,并且对警报类型页面和定义的审查让我假设 createTime 是使用的正确时间……但这让我对为什么感到困惑这些类型有一个结束时间。
Key/Value
Description
Phishing reclassification
Unopened messages that are detected as phishing post-delivery are automatically reclassified and removed from the user's inbox.
createTime
Output only. The time this alert was created.
endTime
Optional. The time the event that caused this alert ceased being active. If provided, the end time must not be earlier than the start time. If not provided, it indicates an ongoing alert.
示例警报
"customerId": "<removed>",
"alertId": "<removed>",
"createTime": "2021-03-11T18:25:47.538082Z",
"startTime": "2021-03-11T13:19:50.374062Z",
"endTime": "2021-03-11T17:53:54.482936Z",
"type": "Phishing reclassification",
"source": "Gmail phishing",
"data": {
"@type": "type.googleapis.com/google.apps.alertcenter.type.MailPhishing",
"domainId": {
"customerPrimaryDomain": "<removed>"
},
"maliciousEntity": {
"fromHeader": "<removed>"
},
"messages": [
{
"messageId": "<removed>",
"md5HashMessageBody": "<removed>",
"md5HashSubject": "<removed>",
"attachmentsSha256Hash": [
"<removed>"
],
"recipient": "<removed>",
"date": "2021-03-11T13:19:50.374062Z"
}
],
"isInternal": true,
"systemActionType": "REMOVED_FROM_INBOX"
},
"metadata": {
"customerId": "<removed>",
"alertId": "<removed>",
"status": "NOT_STARTED",
"updateTime": "2021-03-11T18:25:47.538082Z",
"severity": "MEDIUM",
"etag": "<removed>"
}
API Link 如果您愿意:https://developers.google.com/admin-sdk/alertcenter/reference/rest/v1beta1/alerts
答案:
在 Phishing reclassification 提醒中,每封邮件从收件箱中删除(重新分类时)的日期对应于每封邮件中的 date 字段:
{
"data": {
"messages": [
{
"date": "2021-03-11T13:19:50.374062Z"
}
]
}
}
您会注意到它对应于 startTime 中的日期。这是因为 startTime 对应于报告中第一条消息被重新分类的日期(因为这是此警报中的第一条也是唯一一条重新分类的消息)。
在问题跟踪器中报告:
GmailMessageInfo 的文档对此并不清楚,因为 date 仅在某些警报类型中对应于 The date the malicious email was sent。
因此,我在问题跟踪器中报告了一个文档错误:
如果 systemActionType 状态为“REMOVED_FROM_INBOX”,是否有人知道警报中显示的哪个时间戳与电子邮件从收件箱中删除的实际时间相关?
我的问题特定于“Gmail 网络钓鱼”警报源 (https://developers.google.com/admin-sdk/alertcenter/reference/alert-types)。我还没有看到在网络钓鱼重新分类的警报 createTime 之后的结束时间,并且对警报类型页面和定义的审查让我假设 createTime 是使用的正确时间……但这让我对为什么感到困惑这些类型有一个结束时间。
| Key/Value | Description |
|---|---|
| Phishing reclassification | Unopened messages that are detected as phishing post-delivery are automatically reclassified and removed from the user's inbox. |
| createTime | Output only. The time this alert was created. |
| endTime | Optional. The time the event that caused this alert ceased being active. If provided, the end time must not be earlier than the start time. If not provided, it indicates an ongoing alert. |
示例警报
"customerId": "<removed>",
"alertId": "<removed>",
"createTime": "2021-03-11T18:25:47.538082Z",
"startTime": "2021-03-11T13:19:50.374062Z",
"endTime": "2021-03-11T17:53:54.482936Z",
"type": "Phishing reclassification",
"source": "Gmail phishing",
"data": {
"@type": "type.googleapis.com/google.apps.alertcenter.type.MailPhishing",
"domainId": {
"customerPrimaryDomain": "<removed>"
},
"maliciousEntity": {
"fromHeader": "<removed>"
},
"messages": [
{
"messageId": "<removed>",
"md5HashMessageBody": "<removed>",
"md5HashSubject": "<removed>",
"attachmentsSha256Hash": [
"<removed>"
],
"recipient": "<removed>",
"date": "2021-03-11T13:19:50.374062Z"
}
],
"isInternal": true,
"systemActionType": "REMOVED_FROM_INBOX"
},
"metadata": {
"customerId": "<removed>",
"alertId": "<removed>",
"status": "NOT_STARTED",
"updateTime": "2021-03-11T18:25:47.538082Z",
"severity": "MEDIUM",
"etag": "<removed>"
}
API Link 如果您愿意:https://developers.google.com/admin-sdk/alertcenter/reference/rest/v1beta1/alerts
答案:
在 Phishing reclassification 提醒中,每封邮件从收件箱中删除(重新分类时)的日期对应于每封邮件中的 date 字段:
{
"data": {
"messages": [
{
"date": "2021-03-11T13:19:50.374062Z"
}
]
}
}
您会注意到它对应于 startTime 中的日期。这是因为 startTime 对应于报告中第一条消息被重新分类的日期(因为这是此警报中的第一条也是唯一一条重新分类的消息)。
在问题跟踪器中报告:
GmailMessageInfo 的文档对此并不清楚,因为 date 仅在某些警报类型中对应于 The date the malicious email was sent。
因此,我在问题跟踪器中报告了一个文档错误: