Capturing valid outbound Gmail requires a keyword (msgbody) due to keepalive

A policy looking at mail.google.com will be triggered by a keepalive that gmail sends every 6 minutes when left open. The keepalive contains a lot of data but no msgbody.

Add the keyword "msgbody" to the relevant policy. When you click on the "Message Body" section of the incident report, you should be able to view the message. If you search the "Message Body" section you should see values similar to : name: msgbody value: (body)