1. Parse Email 1. Time sent 1. Sep, 17, 2024, 12:05 PM 2. SMTP Address 3. Sender Address 1. 64.233.180.27 2. [email protected] 4. Recipient Address 1. 172.16.20.3 2. [email protected] 5. Content Suspicious? 1. Either impersonating a report or not suspicious 6. Attachments? 1. no Email security Log Management ![[Pasted image 20250415192430.png]] ![[Pasted image 20250415192626.png]] False Positive --- I screwed up by clicking on the wrong Email Security log. The correct one has a hyperlink included in the phishing domain section, where the real alert does not include hyperlinks.![[Pasted image 20250415193126.png]]