Detections - Viewing Attack Details

This article contains information on viewing detected threats in Mimecast Email Security Cloud Integrated, detailing analysis panels for threat type, policy actions, message details, and email authentication.

Threat Details

You can view detected threats in the Detections section of Mimecast Email Security Cloud Integrated.

Each detected threat is displayed in a set of detail panels that together provide a deep analysis of the email. Depending on the email's status, you can Release or Remove the message.
The panels displayed are as follows:

Analysis: The Analysis tab displays the type of threat, its status, and the number of recipients.

Policy: Displays the policy name, mode, and action performed. Select the Action to edit the policy. See Getting Started (Managing Policies & Protection Modes section) and Per Policy Detection Engines.

Message: Displays details about the detected message. This contains the following:
  • Subject.
  • From.
  • To.
  • Date/Time.
  • Message ID.
This panel includes a View Original Email Headers button and a Download .EML button.

Detailed Analysis: Displays detailed data about the message. This includes:
  • Attachment.
  • Email scan.
  • Detection.
  • Open in Browser Isolation: Clicking this button launches a Browser Isolation session that renders the URL referenced in the Detailed Analysis section.
    • The actions allowed in Administration Browser Isolation sessions cannot be modified through email policies.
    • This can be found by navigating to Policies | Email | Expand URL and scrolling down to Browser Isolation.
    • Refer to the configuration below for managing Administration Browser Isolation sessions.

Event Timeline

  • The Event Timeline can be found under the Timeline tab on the Detection Details page.
  • It is visible for all entities - Email, Chat and Files. The stages differ across each because the processing each entity undergoes is different.
  • User actions are recorded along with the corresponding reasons and the admin's name. For instance, when a message is removed, it specifies who removed it and the reason provided.
  • Progress events for user actions like Release and Remove are not recorded if a final Success or Failure state is available. For instance, a quarantined email may briefly show Release in Progress before changing to Manually Released, in which case only Manually Released is captured to minimize timeline noise. If the email remains stuck in Release in Progress due to a technical issue, we will continue to report that status until a final outcome is determined.

Here are several use cases that a user might encounter:

  1. In the case where the Email is Delivered.

[Image: Delivered.png]

  2. In the case where the Email is Blocked.

[Image: Blocked.png]

  3. In the case where the Email is Quarantined.

[Image: Quarantined.png]

  4. In the case where the Email is Moved to Junk.

[Image: Move_to_Junk.png]
