O365URLTimeOfClickActivity Class

Extends the Common schema with the properties specific to Office 365 Advanced Threat Protection and Threat Intelligence data. Office 365 Advanced Threat Protection (ATP) and Threat Intelligence events are available for Office 365 customers who have an ATP, Threat Intelligence, or E5 subscription. Each event in the ATP and Threat Intelligence feed corresponds to the URLs clicked by a user in the organization that were detected as malicious at time-of-click based on Office 365 ATP Safe Links protection.
Inheritance Hierarchy
SystemObject
  Aspose.Email.Clients.ActivityContent
    Aspose.Email.Clients.ActivityO365URLTimeOfClickActivity

Namespace:  Aspose.Email.Clients.Activity
Assembly:  Aspose.Email (in Aspose.Email.dll) Version: 21.3
Syntax
public class O365URLTimeOfClickActivity : Content

The O365URLTimeOfClickActivity type exposes the following members.

Constructors
  NameDescription
Public methodO365URLTimeOfClickActivity
Initializes a new instance of the O365URLTimeOfClickActivity class
Properties
  NameDescription
Public propertyAppName
Office 365 service from which the URL was clicked (e.g. Mail). Mandatory: Yes
Public propertyBlocked
This is true if the URL click is blocked by Office 365 ATP Safe Links protection. Mandatory: Yes
Public propertyClickedThrough
This is true if the URL block is clicked through (overridden) by the user based on the organization's policies for Office 365 ATP Safe Links protection. Mandatory: Yes
Public propertyClientIP
The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format. Mandatory: Yes
(Inherited from Content.)
Public propertyCreationTime
The date and time in Coordinated Universal Time (UTC) when the user performed the activity. Mandatory: Yes
(Inherited from Content.)
Public propertyId
Unique identifier of an audit record. Mandatory: Yes
(Inherited from Content.)
Public propertyObjectId
For SharePoint and OneDrive for Business activity, the full path name of the file or folder accessed by the user. For Exchange admin audit logging, the name of the object that was modified by the cmdlet. Mandatory: No
(Inherited from Content.)
Public propertyOperation
The name of the user or admin activity. For a description of the most common operations/activities, see Search the audit log in the Office 365 Protection Center. For Exchange admin activity, this property identifies the name of the cmdlet that was run. For Dlp events, this can be "DlpRuleMatch", "DlpRuleUndo" or "DlpInfo", which are described under "DLP schema" below. Mandatory: Yes
(Inherited from Content.)
Public propertyOrganizationId
The GUID for your organization's Office 365 tenant. This value will always be the same for your organization, regardless of the Office 365 service in which it occurs. Mandatory: Yes
(Inherited from Content.)
Public propertyRecordType
The type of operation indicated by the record. Mandatory: Yes
(Inherited from Content.)
Public propertyResultStatus
Indicates whether the action (specified in the Operation property) was successful or not. Possible values are Succeeded, PartiallySucceded, or Failed. For Exchange admin activity, the value is either True or False. Mandatory: No
(Inherited from Content.)
Public propertyScope
Was this event created by a hosted O365 service or an on-premises server? Possible values are online and onprem. Note that SharePoint is the only workload currently sending events from on-premises to O365. Mandatory: No
(Inherited from Content.)
Public propertySourceId
Identifier for the Office 365 service from which the URL was clicked (e.g. for Mail, this is the Exchange Online Network Message Id). Mandatory: Yes
Public propertyTimeOfClick
The date and time in Coordinated Universal Time (UTC) when the user clicked the URL. Mandatory: Yes
Public propertyURL
URL clicked by the user. Mandatory: Yes
Public propertyUserId
The UPN (User Principal Name) of the user who performed the action (specified in the Operation property) that resulted in the record being logged; for example, my_name@my_domain_name. Note that records for activity performed by system accounts (such as SHAREPOINT\system or NT AUTHORITY\SYSTEM) are also included. Mandatory: Yes
(Inherited from Content.)
Public propertyUserIp
The IP address for the user who clicked the URL. The IP address is displayed in either an IPv4 or IPv6 address format. Mandatory: Yes
Public propertyUserKey
An alternative ID for the user identified in the UserId property. For example, this property is populated with the passport unique ID (PUID) for events performed by users in SharePoint, OneDrive for Business, and Exchange. This property may also specify the same value as the UserID property for events occurring in other services and events performed by system accounts. Mandatory: Yes
(Inherited from Content.)
Public propertyUserType
The type of user that performed the operation. Mandatory: Yes
(Inherited from Content.)
Public propertyWorkload
The Office 365 service where the activity occurred in the Workload string. The possible values for this property are: Exchange SharePoint OneDrive AzureActiveDirectory SecurityComplianceCenter Sway ThreatIntelligence Mandatory: No
(Inherited from Content.)
Methods
  NameDescription
Public methodEquals (Inherited from Object.)
Protected methodFinalize (Inherited from Object.)
Public methodGetHashCode (Inherited from Object.)
Public methodGetType (Inherited from Object.)
Protected methodMemberwiseClone (Inherited from Object.)
Public methodToString (Inherited from Object.)
See Also