Edit

compromiseIndicator resource type

Namespace: microsoft.graph.security

Represents an indicator and its associated verdict that suggests whether an email is compromised. The resource combines specific indicators found in the email with categorized verdicts to help identify potential security threats like malware, phishing attempts, or spam. It is returned in the compromiseIndicators property of detonationDetails.

Properties

Property Type Description
value String Indicator.
verdict microsoft.graph.security.verdictCategory The possible values are: none, malware, phish, siteUnavailable, spam, decryptionFailed, unsupportedUriScheme, unsupportedFileType, undefined, unknownFutureValue.

verdictCategory values

Member
none
malware
phish
siteUnavailable
spam
decryptionFailed
unsupportedUriScheme
unsupportedFileType
undefined
unknownFutureValue

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.security.compromiseIndicator",
  "verdict": "String",
  "value": "String"
}