Targeted Threat Protection - URL Protect Logs

Document created by user.oxriBaJeN4 Employee on Oct 6, 2015. Last modified by user.oxriBaJeN4 Employee on Sep 10, 2018.
Version 13

Targeted Threat Protection builds on Mimecast’s security services to protect organizations against the growing threat posed by advanced phishing and spear-phishing attacks in inbound email. This protection extends to every end user device and application from which a link is accessed, and full logging provides administrative visibility, real-time alerts, and auditing of user clicks.

 

The Targeted Threat Protection - URL Protect Dashboard allows you to view the log details for each link clicked by end users that was protected by URL Protect. Additionally, you can:

  • Block or allow the URL.
  • Filter the logs displayed.
  • Export the logs data.

 

Viewing Logs


To view URL Protection Logs:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Services | URL Protection menu item.
  4. Click the Logs button. The list of log files is displayed.
  5. Click on a log entry to display the full URL, and a consolidated view of its associated detail including the:
    • Definition applied
    • Result of the security scan.

 

The Logs Queue

 

Above the search bar, the following features are available:

| Button | Description |
| --- | --- |
| Export Data | Allows administrators to export various log information in either .CSV or .XLS format. |
| View | Displays various options to filter the logs data displayed in a drop down menu. |
| URL Decoder | Allows administrators to see the real URL without clicking on it. View the Targeted Threat Protection: Decoding / Checking URLs page for further information on decoding the Targeted Threat Protection URLs. |
| Check URL | Allows administrators to check whether a URL is safe using a variety of scanning options. View the Targeted Threat Protection: Decoding / Checking URLs page for further information. |


The various columns displayed are:

| Column | Description |
| --- | --- |
| From / To | The From / To email address associated with the email / link. |
| Subject | The subject of the email / link. |
| Definition | Displays the Targeted Threat Protection definition applied. |
| URL | The URL of the link the user clicked on. |
| Scan Result | Displays the results from the scan engine: malicious or clean. |
| Action | Displays the action taken, allowing administrators to decode the Targeted Threat Protection URLs. |
| Admin Override | Displays whether the administrator overrode the policy. |
| User Awareness | Displays whether user awareness is enabled in the definition and applied to the URL. |
| Date Time | Displays the date and time of the incident. |
| Route | Displays the route of the URL: inbound or outbound. |

 

Blocking / Allowing a URL

 

Click on any individual log entry to display the full URL, and a consolidated view of its associated log detail. With the detail displayed, you have the option to auto-create URL entries in the allow and block override list.

 

To allow a URL:

  1. Select the Add to Allow button. A confirmation message is displayed confirming the allow.
  2. Select OK to return to the log record.
  3. Select Go Back to return to the list of log records.

 

To block a URL:

  1. Select the Add to Block button. A confirmation message is displayed confirming the block.
  2. Select OK to return to the log record.
  3. Select Go Back to return to the list of log records.

 

Exporting Data

 

Administrators can export the various columns of the Targeted Threat Protection logs. To export logs data:

  1. Click on the Export Data button.
  2. Check the boxes of the columns you wish to include in the export.
  3. From the File Format drop down menu, select either:
    • .CSV
    • .XLS
  4. From the Export Option drop down menu, select either:
    • Download
    • Send Mail
  5. Once completed, click on the Export button. 
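
An exported .CSV file can be triaged outside the console. The following is an added example, not Mimecast code: it assumes the export's header row uses the column names listed in the table above, runs on constructed sample rows, and lists hosts whose links scanned as malicious and were clicked by more than one address, as candidates for the block list.

```python
import csv
import io
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample export. Header names are assumed to match the console
# column names; the real export may label or order them differently.
SAMPLE_EXPORT = """\
From / To,Subject,Definition,URL,Scan Result,Date Time,Route
alice@example.com,Invoice 4471,Default URL Protect,http://pay.example.net/inv?id=1,malicious,2018-09-10 09:14,inbound
bob@example.com,Invoice 4471,Default URL Protect,http://pay.example.net/inv?id=2,Malicious,2018-09-10 09:20,inbound
alice@example.com,Team lunch,Default URL Protect,https://intranet.example.com/menu,clean,2018-09-10 11:02,inbound
alice@example.com,Re: Invoice 4471,Default URL Protect,http://pay.example.net/inv?id=1,malicious,2018-09-10 13:45,inbound
"""

def triage(export_text):
    """Summarise clicks whose Scan Result is 'malicious'.

    Returns (clicks_per_host, users_per_host): how often each host was
    clicked, and which addresses clicked it.
    """
    clicks_per_host = Counter()
    users_per_host = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row.get("Scan Result", "").strip().lower() != "malicious":
            continue
        url = row["URL"].strip()
        # Group by host so one campaign with per-recipient URLs is counted once.
        host = (urlsplit(url).hostname or "").lower() or "(unparsed) " + url
        clicks_per_host[host] += 1
        users_per_host[host].add(row["From / To"].strip().lower())
    return clicks_per_host, users_per_host

def block_candidates(export_text, min_users=2):
    """Hosts clicked by at least min_users distinct addresses, worst first."""
    clicks, users = triage(export_text)
    hits = [(h, clicks[h], sorted(users[h]))
            for h in clicks if len(users[h]) >= min_users]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for host, count, who in block_candidates(SAMPLE_EXPORT):
        print(f"{host}: {count} malicious clicks by {', '.join(who)}")
```
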

 
