SendGrid¶
About¶
SendGrid is a cloud-based SMTP provider that allows you to send email without having to maintain email servers. SendGrid manages all of the technical details, from scaling the infrastructure to ISP outreach and reputation monitoring to whitelist services and real time analytics.
Product Details¶
Vendor URL: Sendgrid
Product Type: Email Distribution
Product Tier: Tier III
Integration Method: API
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: SENDGRID
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| action | security_result.action_details |
| asm_group_id | additional.fields |
| attempt | security_result.about.labels |
| category | security_result.category_details |
| principal.email | |
| target.email | |
| event | metadata.product_event_type |
| ip | principal.ip |
| ip | target.ip |
| reason | security_result.description |
| response | network.http.response_code |
| response | security_result.summary |
| sg_event_id | metadata.product_log_id |
| sg_message_id | additional.fields |
| smtp-id | additional.fields |
| tls | network.tls.established |
| url | target.url |
| useragent | network.http.user_agent |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| click, open | NETWORK_HTTP |
| Generic | GENERIC_EVENT |
| group_unsubscribe, group_resubscribe | GROUP_MODIFICATION |
| delivered | NETWORK_SMTP |
Log Sample¶
{"email":"securityteam@example.org","event":"delivered","ip":"10.10.1.1","response":"250 2.6.0 <a0AbcDGf12a2cabc12@example-ismtpd-2> [InternalId=123456789123456, Hostname=INTERMEDIARY.host03.prod.outlook.com] 12256 bytes in 0.123, 96.865 KB/sec Queued mail for delivery","sg_event_id":"ABCDEFJHIJKLMNOP123456789","sg_message_id":"a0AbcDGf12a2cabc12.example-1a2b3c4d5c-abcd-1-1234567-16D.1","smtp-id":"<a0AbcDGf12a2cabc12@example-ismtpd-2>","timestamp":1699983079,"tls":1}
Sample Parsing¶
additional.fields["sg_message_id"] = "a0AbcDGf12a2cabc12.filterdrecv-1a2b3c4d5c-abcd-1-1234567-16D.1"
additional.fields["smtp-id"] = "<a0AbcDGf12a2cabc12@example-ismtpd-2>"
intermediary.hostname = "INTERMEDIARY.host03.prod.outlook.com"
intermediary.namespace = "clientzeroidp"
metadata.event_type = "NETWORK_SMTP"
metadata.log_type = "SENDGRID"
metadata.product_event_type = "delivered"
metadata.product_log_id = "ABCDEFJHIJKLMNOP123456789"
network.application_protocol = "SMTP"
network.smtp.server_response = "250"
network.tls.established = true
principal.ip = "10.10.1.1"
principal.namespace = "clientzeroidp"
security_result.about.labels.key = "SMTP Status Code:"
security_result.about.labels.value = "2.6.0"
security_result.about.namespace = "clientzeroidp"
security_result.summary = "250 2.6.0 <a0AbcDGf12a2cabc12@example-ismtpd-2> [InternalId=123456789123456, Hostname=INTERMEDIARY.host03.prod.outlook.com] 12256 bytes in 0.123, 96.865 KB/sec Queued mail for delivery"
target.email = "securityteam@example.org"
target.hostname = "securityteam"
target.namespace = "clientzeroidp"
Rules¶
Coming Soon