Description

Is it possible to isolate incoming or outgoing emails by a specified domain name?

The eDP O365 Graph Collection Task is not designed to isolate emails by specific Domains.  The 'Participants' section is designed to search based on individual email addresses.

The 'Participants' section of the O365 Graph Collection Task, requires the use of the definition from/to/cc/bcc as well as the complete email address.
Example: from:john_doe@veritas.com OR to:john_doe@veritas.com OR cc:john_doe@veritas.com OR bcc:john_doe@veritas.com

Without using the appropriate syntax, the values inserted into the 'Participants' section are treated as keywords and the results are unpredictable.

Alternative Method of Isolating emails by Domain:

Once the Collection Set has been ingested into the case, the Domains of interested can be found and foldered.
Analysis & Review > Advanced Search > Participants
Enter the Domain name (one Domain per line)
Check the box for 'Search in contained senders and/or recipients' (selected by default)
Select 'Run Search'



► Then folder all of the results to isolate those specific emails.