Security Operations Integration - Email Search and Delete flow

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The Security Operations Integration - Email Search and Delete flow returns the number of threat emails from an email server search and, optionally, return details for each email found. After the email search is completed, you can delete the emails.

    Before you begin

    Role required: sn_si.analyst

    About this task

    The search query can take some time to complete. After the count is received, approval is required to delete emails from an email server.

    This flow is triggered by the Delete from Email Server(s) and Search on Email Server(s) buttons on the Email Search form in a security incident. For more information, see Search for and delete phishing emails.

    Figure 1. Email Search and Delete
    Security Operations integration - Email Search and Delete flow

    Activities specific to this flow are described here. For more information on other activities, see Common Security Operations integration flows and orchestration activities.

    The flow process activities include: