Threat Remediation: Removing / Restoring Messages

Document created by user.Yo2IBgvWqr Employee on Jun 28, 2018. Last modified by user.oxriBaJeN4 on Jul 16, 2018.
Version 10

Incidents correspond to a remediation event, and display all the associated messages, by recipient. After viewing an incident, you can perform the following actions:

  • Remove an attachment / message from the user's mailbox, if it's found to be malicious post delivery.
  • Restore a removed message to the user's mailbox, if it's found to be safe post remediation.
  • Export incident data displayed in the queue, or the message data in an individual incident, to a file.

 

Viewing Message Details


Viewing a message's details allows you to investigate a potential threat, or the history of a message. The information displayed includes:

  • A summary of the message.
  • The message body.
  • Any associated attachments.
  • The current status of the message.

To view the message details in an incident:

  1. Click on an incident from the Incidents queue. Any associated messages display, with each message on a single row.
  2. Click on a message in the list. The Message Details panel slides into view.
  3. Message information displays in the following tabs / sections:
    Tab: Message
    Use the left / right arrows in the top right corner to quickly switch between messages, without leaving the Message Details panel.
      • Section: Summary. Displays a summary of the message, including the sender, recipient, and subject, and the time the email was sent and processed.
      • Section: Attachments. Displays any associated attachments. If you need to download an attachment:
        1. Click on the three dot icon.
        2. Click on the Download button. The attachment downloads to your machine's desktop.
      • Section: Message Body. Displays the body of the message in HTML format by default. Optionally:
        1. Click on the View drop down menu to switch between HTML and Plain Text format.
        2. Click on the Display Images button to display any images. These are hidden by default for security reasons.

    Tab: Recipients
      • Section: Recipients / Message Status. Displays all recipients of the message and the current message status. You can search for a particular user in the Search Recipients field.
  4. Click on the x button in the top right corner to exit the panel.
  5. To return to the main Incidents queue, click on the Incidents link in the top menu as shown below:
    [Image: Incident Queue]

Removing Messages

 

If a message turns out to be a threat post delivery, and you want to manually remove it from the user's mailbox:

  1. Click on the incident from the Incidents queue. The associated messages display.
  2. Click on the Remove Messages button. A popup box is displayed to confirm the request.
  3. Enter a Reason for the removal. This is a mandatory step and is logged.
  4. Click on the Remove button. The message is removed and the user is notified.
    It may take several minutes for the message to be removed. Once complete, the number of "Removed Messages" for the incident is updated in the Incidents queue. Even though the removed message is hidden from the user, it's still available to the administrator and remains in the archive.
  5. A "Remove" incident is created and a temporary popup box displays to confirm your request. 
  6. Click on the View Incident button on the popup message to view the incident.

 

Restoring Messages

 

If a removed message turns out to be safe, and you want to manually restore it to the user's mailbox:

  1. Click on the incident from the Incidents queue. The associated messages display.
  2. Click on the Restore Messages button. A popup box displays to confirm the request.
  3. Enter a Reason for the restore. This is mandatory and is logged in the new incident.
  4. Click on the Restore button. The messages are restored to the user's mailbox.
  5. A new restore incident is created and a temporary popup box displays to confirm your request. 
  6. Click on the View Incident button on the popup message to view the new restore incident.

 
