This page demonstrates how the Threat Dashboard provides insights into threats blocked by Mimecast security scanning technologies. By examining your tenant's data, the dashboard provides a high-level overview of:
- The threats and risks that your organization is facing today.
- What your organization has faced within the past 30 days (the default date range).
The dashboard also enables you to drill into information about users most targeted, current threats detected, the volume of attacks, and trends related to malicious attachments seen in your tenant. A feed can also be used to return identified malware threats at a customer or regional grid level. See the article Get Threat Intel Feed for further information.
* Threat Dashboard and Threat Intel APIs are included as standard features only for customers with the Mail Transfer Agent (MTA). They are designed to consolidate information about malicious attachments detected at both the anti-virus and the Targeted Threat Protection - Attachment Protect (TTP-AP) layers of protection. Contact a Mimecast representative or partner for more details on these features or to discuss an upgrade if necessary.
Accessing the Threat Dashboard
To access the Threat Dashboard, you must have either the Super Administrator, Full Administrator, or Basic Administrator role. See the Understanding Administrator Roles page for more information.
To access the threat dashboard:
- Access the My Apps portal.
- Select the Threat Dashboard icon. The dashboard opens with the Overview tab displayed.
- If required, adjust the Date Range to display information over 24 Hours, 7 Days, or 30 Days.
The Overview Tab
The Overview tab displays the following information:
The Search Tab
The Search tab helps you gain insight into the messages blocked based on attachments. This allows you to rapidly determine to whom a particular threat has spread. It primarily gives insight into threats identified by anti-virus and Targeted Threat Protection - Attachment Protect metadata.
The search has two methods:
- Search by Data: Allows you to search for data inside a message by searching for:
  - Attachment File Hash
  - From field
  - To field
  - Attachment Filename
  - Sender IP Address
  - Date Range
- Search by ID: Allows you to search on message IDs inside the header if you have previously identified a problem message ID.
You can click on a message to display a popout panel providing the following information on the malware attack:
- Message Tab: This contains the following information:
  - A summary of the message, including who the message is from / to, the subject, and the received date.
  - A list of the malicious attachments, including the file name, scan result, and file size.
- Threat Information Tab: This displays further information on the threat. For example, if there is more than one attachment linked to the message, you can select one of them from the drop-down. This displays:
  - A summary of the scan result, the malware type (e.g. virus), the attachment file name, threat name, and the file's hash.
  - The malware analysis, which identifies the type of malware and includes an expandable / collapsible breakdown of the file's content, showing exactly where the malicious content sits inside the file.
  - Evidence to provide proof of the malicious content inside the attachment, and the reason the message was flagged.