cloudflare · Maddy-Cloudflare · Feb 27, 2025 · Feb 27, 2025 · Feb 27, 2025 · Feb 27, 2025
@@ -427,6 +427,12 @@
 /cloudflare-one/insights/email-monitoring/email-security-logs/ /cloudflare-one/insights/email-monitoring/enable-logs/ 301
 /cloudflare-one/insights/email-monitoring/phishing-report/ /cloudflare-one/insights/email-monitoring/download-disposition-report/ 301
 
+/cloudflare-one/insights/email-monitoring/download-disposition-report/ /cloudflare-one/email-security/email-monitoring/download-disposition-report/ 301
+/cloudflare-one/insights/email-monitoring/ /cloudflare-one/email-security/email-monitoring/ 301
+/cloudflare-one/insights/email-monitoring/search-email/ /cloudflare-one/email-security/email-monitoring/search-email/ 301
+/cloudflare-one/insights/email-monitoring/phish-submissions/ /cloudflare-one/email-security/phish-submissions/ 301
+/cloudflare-one/insights/email-monitoring/enable-logs/ /cloudflare-one/insights/logs/enable-logs/ 301 
+
 
 # firewall
 /firewall/api/cf-lists/ /waf/tools/lists/lists-api/ 301

@@ -2,7 +2,7 @@
 title: Auto-move events
 pcx_content_type: how-to
 sidebar:
-  order: 4
+  order: 5
 ---
 
 Auto-move events are events where emails are automatically moved to different inboxes based on the disposition Email Security assigned to them.

@@ -2,7 +2,7 @@
 pcx_content_type: navigation
 title: Detection settings
 sidebar:
-  order: 3
+  order: 4
 ---
 
 import { DirectoryListing } from "~/components"

@@ -2,7 +2,7 @@
 title: Directories
 pcx_content_type: how-to
 sidebar:
-  order: 2
+  order: 3
 ---
 
 Directories are folders to store user data. Email Security allows you to manage directories from the Cloudflare dashboard.

@@ -2,15 +2,15 @@
 title: Email monitoring
 pcx_content_type: how-to
 sidebar:
-  order: 1
+  order: 2
 ---
 
 import { GlossaryTooltip, Render } from "~/components"
 
 Once you have chosen a [domain to scan](/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api/#connect-your-domains), Email Security allows you to monitor the traffic scanned from your email inboxes.
 
 :::note
-With Email Security, you can enable logs to send detection data to an endpoint of your choice. Refer to [Email Security logs](/cloudflare-one/insights/email-monitoring/enable-logs/) for more information.
+With Email Security, you can enable logs to send detection data to an endpoint of your choice. Refer to [Enable Email Security logs](/cloudflare-one/insights/logs/enable-logs/) for more information.
 :::
 
 To monitor your inbox:
@@ -25,7 +25,7 @@ The dashboard will display the following metrics:
 - [Disposition evaluation](/cloudflare-one/email-security/reference/dispositions-and-attributes/)
 - Detection details
 - [Impersonations](/cloudflare-one/email-security/detection-settings/impersonation-registry/)
-- [Phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/)
+- [Phish submissions](/cloudflare-one/email-security/phish-submissions/)
 - [Auto-move events](/cloudflare-one/email-security/auto-moves/)
 - [Detection settings metrics](/cloudflare-one/email-security/detection-settings/)
 
@@ -78,7 +78,7 @@ Refer to [Trusted domains](/cloudflare-one/email-security/detection-settings/tru
 
 Phishing is a type of attack that involves stealing sensitive information with the aim of using and selling the information.
 
-A phish submission happens when a user or an administrator reports a phishing attack. Refer to [Phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/) to learn how to submit a phish.
+A phish submission happens when a user or an administrator reports a phishing attack. Refer to [Phish submissions](/cloudflare-one/email-security/phish-submissions/) to learn how to submit a phish.
 
 Phish submissions displays the following information:
 

@@ -187,13 +187,56 @@ To view status and actions for each email:
 1. On the **Investigation** page, select the three dots.
 2. Selecting the three dots will show you the following options:
    - If the email is quarantined: 
-      - **View details**: Refer to [Email details](/cloudflare-one/insights/email-monitoring/email-details/) to learn more.
+      - **View details**: Refer to [Email details](/cloudflare-one/email-security/email-monitoring/search-email/#email-details) to learn more.
       - **View similar emails**: Find similar emails based on the `value_edf_hash` (Electronic Detection Fingerprint hash).
       - **Release**: Email Security will no longer quarantine your chosen messages.
-      - **Reclassify**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/insights/email-monitoring/search-email/#reclassify-messages) to learn more.
+      - **Reclassify**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn more.
 3. If the email is not quarantined:
    - **View details**.
    - **View similar emails**.
    - **View submission detail**.
    - [Move](/cloudflare-one/email-security/auto-moves/) (only available if you authorized moves).
-   - [Reclassify](/cloudflare-one/insights/email-monitoring/search-email/#reclassify-messages).
+   - [Reclassify](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages).
+
+## Email details
+
+Email Security shows you the following email detail information:
+
+- Details
+- Action log
+- Raw message
+- Mail trace
+
+### Details
+
+Email Security displays the following details:
+
+1. **Threat type**: Threat type of the email, for example, [credential harvester](/cloudflare-one/email-security/reference/how-es-detects-phish/#credential-harvesters), and [IP-based spam](/cloudflare-one/email-security/reference/how-es-detects-phish/#ip-based-spam).
+2. **Validation**: Email validation methods [SPF](https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/).
+3. **Sender details**: Information include:
+   - IP address
+   - Registered domain
+   - Autonomous sys number: This number identifies your [autonomous system (AS)](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-an-autonomous-system/).
+   - Autonomous sys name: This name identifies your autonomous system (AS).
+   - Country
+4. **Links identified**: A list of malicious links identified by Email Security.
+5. **Reasons for disposition**: Description of why the email was deemed as malicious, suspicious, or spam.
+
+### Action log
+
+Action log allows you to review post-delivery actions performed on your selected message. The action log displays:
+
+- **Date**: Date when the post-delivery action was performed.
+- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more.
+
+### Raw message
+
+Raw message allows you to view the raw details of the message. You can also choose to download the email message. To download the message, select **Download .EML**.
+
+### Mail trace
+
+Mail trace allows you to track the path your selected message took from the sender to the recipient. Mail trace displays:
+
+- **Date**: The date and time when the mail was tracked.
+- **Type**: An email can be inbound (email sent to you from another email), or outbound (emails sent from your email address).
+- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more.
@@ -22,4 +22,4 @@ Email Security allows you to:
 - Configure [allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/), [blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/), [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/), and [additional detections](/cloudflare-one/email-security/detection-settings/additional-detections/).
 - [Automatically move messages](/cloudflare-one/email-security/auto-moves/) to specific folders based on a [certain disposition](/cloudflare-one/email-security/reference/dispositions-and-attributes/).
 - [Manage directories](/cloudflare-one/email-security/directories/).
-- [Monitor your inbox](/cloudflare-one/insights/email-monitoring/), perform a thorough [search of your email](/cloudflare-one/insights/email-monitoring/search-email/), and download a [disposition report](/cloudflare-one/insights/email-monitoring/download-disposition-report/).
+- [Monitor your inbox](/cloudflare-one/email-security/email-monitoring/), perform a thorough [search of your email](/cloudflare-one/email-security/email-monitoring/search-email/), and download a [disposition report](/cloudflare-one/email-security/email-monitoring/download-disposition-report/).
@@ -2,7 +2,7 @@
 title: Outbound Data Loss Prevention (DLP)
 pcx_content_type: how-to
 sidebar:
-  order: 6
+  order: 7
   badge:
     text: Beta
 ---

@@ -2,7 +2,7 @@
 title: PhishGuard
 pcx_content_type: how-to
 sidebar:
-  order: 5
+  order: 8
 ---
 
 PhishGuard is a managed email security service that provides resources for end-to-end phish and targeted attack management and response. With PhishGuard, you can preemptively block [phishing attacks](https://www.cloudflare.com/en-gb/learning/access-management/phishing-attack/), [malware](https://www.cloudflare.com/en-gb/learning/ddos/glossary/malware/), [Business Email Compromise (BEC)](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/), and vendor email fraud.
@@ -61,7 +61,7 @@ Managed email security operations allows you to review the results of phish subm
 
 It displays the following:
 
-- Total [phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/)
+- Total [phish submissions](/cloudflare-one/email-security/phish-submissions/)
 - Tracked incidents
 - Median time to resolve
 - Resolved track incidents

@@ -2,7 +2,7 @@
 title: Phish submissions
 pcx_content_type: how-to
 sidebar:
-  order: 4
+  order: 6
 ---
 
 import { GlossaryTooltip, Render } from "~/components"
@@ -13,9 +13,9 @@ Submitting missed phish samples to Cloudflare is of paramount importance and nec
 
 There are three routes you can use to report an email as a phish:
 
-- Via Investigation, by [reclassifying an email](/cloudflare-one/insights/email-monitoring/phish-submissions/#reclassify-an-email).
-- Via [PhishNet O365](/cloudflare-one/insights/email-monitoring/phish-submissions/#phishnet-o365) or [PhishNet for Google Workspace](/cloudflare-one/insights/email-monitoring/phish-submissions/#phishnet-for-google-workspace), depending on your email provider.
-- Via [Submission addresses](/cloudflare-one/insights/email-monitoring/phish-submissions/#submission-addresses).
+- Via Investigation, by [reclassifying an email](/cloudflare-one/email-security/phish-submissions/#reclassify-an-email).
+- Via [PhishNet O365](/cloudflare-one/email-security/phish-submissions/#phishnet-o365) or [PhishNet for Google Workspace](/cloudflare-one/email-security/phish-submissions/#phishnet-for-google-workspace), depending on your email provider.
+- Via [Submission addresses](/cloudflare-one/email-security/phish-submissions/#submission-addresses).
 
 ## Reclassify an email
 

@@ -2,7 +2,7 @@
 title: Reference
 pcx_content_type: navigation
 sidebar:
-  order: 8
+  order: 9
   group:
     hideIndex: true
 ---

@@ -73,4 +73,4 @@ To view the integration for each connected domain:
 1. Select a domain.
 2. Select the three dots > **View integration**.
 
-Once you have set up Email Security to scan through your inbox, Email Security will display detailed information about your inbox. Refer to [Monitor your inbox](/cloudflare-one/insights/email-monitoring/) to learn more.
+Once you have set up Email Security to scan through your inbox, Email Security will display detailed information about your inbox. Refer to [Monitor your inbox](/cloudflare-one/email-security/email-monitoring/) to learn more.
@@ -2,7 +2,7 @@
 title: Enable Email Security logs
 pcx_content_type: how-to
 sidebar:
-  order: 5
+  order: 9
 ---
 
 Email Security allows you to configure Logpush to send detection data to an endpoint of your choice.

@@ -18,7 +18,7 @@ The dashboard will display the following metrics:
 - [Disposition evaluation](/cloudflare-one/email-security/reference/dispositions-and-attributes/)
 - Detection details
 - [Impersonations](/cloudflare-one/email-security/detection-settings/impersonation-registry/)
-- [Phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/)
+- [Phish submissions](/cloudflare-one/email-security/phish-submissions/)
 - [Auto-move events](/cloudflare-one/email-security/auto-moves/)
 - [Detection settings metrics](/cloudflare-one/email-security/detection-settings/)
 

@@ -28,7 +28,7 @@ There are three ways for searching emails:
 - Regular screen: A regular screen allows you to investigate your inbox by inserting a term to screen across all criteria.
 - Advanced screen: The advanced screen criteria gives you the option to narrow message results based on specific criteria. The advanced screen has several options (such as keywords, subject keywords, sender domain, and more) to scan your inbox.
 
-Additional information on search can be found on the [Screen criteria](/email-security/reporting/search/) documentation.
+Additional information on search can be found on the [Screen criteria](/cloudflare-one/email-security/email-monitoring/search-email/#screen-criteria) documentation.
 
 ### Export messages
 

@@ -7,10 +7,10 @@ sidebar:
 
 While Email Security offers industry leading detection efficacy due to Cloudflare's Threat Intelligence, Preemptive Threat Hunting (actor and campaign infrastructure hunting with 8B, plus campaign threat signals assessed every day) and ML-Based Detection Models (Trust Graphs Computer Vision, Sentiment/Thread/Structural Analysis, Industry/Natural Language Understanding Modeling) false negatives and false positive can occur.
 
-There are two different ways to [submit a phish](/cloudflare-one/insights/email-monitoring/phish-submissions/) sample:
+There are two different ways to [submit a phish](/cloudflare-one/email-security/phish-submissions/) sample:
 
 - User submission:
-    - Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/insights/email-monitoring/phish-submissions/#phishnet-o365).
+    - Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/email-security/phish-submissions/#phishnet-o365).
     - User submissions can create another challenge for your organization. While it is important for end users to be vigilant and report what they believe may be a phishing email, they are often wrong. About 90% of the time, when an end user reports a missed phishing email, they are mistaken. This puts an extra burden on busy security teams as they sift through end user reports. The PhishGuard team at Cloudflare can solve this problem for your organization by reviewing end user submissions for you.
 - Admin submission:
     - To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate team submission address.