Mimecast Email Incident Response - Dashboard

This article explains how we return results via Analysis & Response. This will enable you to track malicious messages and review results.

Considerations

The dashboard is separated into the following two sections:

  • A Message Overview page, showing you all the latest messages that have been classified as (potentially) malicious.
  • A Message Detail page, showing you all the threat intel Mimecast has around the message.

Message Overview Page

This page provides a summary of all emails reported by end users within your organization found to be (potentially) malicious by TRO (Threat Response Operations). These messages have already been actioned by TRO. Malicious messages have been remediated, and the Mimecast detection stack has been improved where necessary.

Key Features

  1. Review TRO Results:
    • Provide insights into phishing, impersonation, and other email-based threats.
    • ‘Follow-up’ with TRO to ask more questions.
  2. Filtering and Export Capabilities:
    • Filter results based on specific time ranges.
    • Select specific email entries to export report data for further offline analysis.
  3. Detailed Information:
    • Messages are grouped by messageID.
    • For more info on the potential results in the Analysis & Details columns, please see Mimecast TRO actions.
    • The Latest report column shows the last time this message was reported.
    • The follow-up functionality.


Message Detail

This page provides an in-depth analysis of a specific email. It shows extensive details provided by Analysis & Response. It is enhanced with the end user reports and TRO investigation results.

Key Features

  1. Review:
    • Analyst notes summarizing the potential threat, including malicious URLs or attachments.
    • Remediation results.
  2. Access detailed information about recipients, reporters, and email metadata.
  3. Detailed information:
    • Remediation ID will show the message remediation incident as started by the analyst.
    • Analyst notes will show up to 4 items:
      • Added URL and/or attachment file hash to blocklist: This shows when a malicious file hash or URL is found, which is now globally blocked by Mimecast.
      • Added detection updates: This shows when an update has been applied to our detection stack globally.
      • Malicious URLs: This shows when the message contained one or more malicious URLs.
      • Malicious Files: This shows when the message contained one or more malicious files.
      • Text comment: This shows when the analyst wanted to share any other information.
