{
Name = "microsoft-exchange-str-email-receive-success-inbound"
Vendor = "Microsoft"
Product = "Microsoft Exchange"
TimeFormat = "epoch_sec"
Conditions = [
"""archive["""
""" inbound """
]
Fields = [
"""archive\[\d+\]:\s+({message_id}\S+)\s+({time}\d{10}).*?<({email_address}([A-Za-z0-9]+[!#$%&'+\/=?^_`~.\-])*[A-Za-z0-9]+@({email_domain}[^\]\s"\\,;\|]+\.[^\]\s"\\,;\|]+))>\s+({dest_email_address}([A-Za-z0-9]+[!#$%&'+\/=?^_`~.\-])*[A-Za-z0-9]+@({dest_email_domain}[^\]\s"\\,;\|]+\.[^\]\s"\\,;\|]+))\s+\S+\s+({direction}inbound)"""
]
DupFields = [
"dest_email_address->email_recipients"
]
ParserVersion = "v1.0.0"
}