This article contains information on resetting Engage-related Human Risk data, and associated audit logging to ensure accurate post-reset data and compliance.
Prerequisites
- You are an Engage, Email Security Cloud Gateway customer.
- You have a Super Administrator role.
Overview
Resetting Engage-related (training and simulated phishing) Human Risk data, affects Human Risk Scores and associated behavioral data, within the Human Risk Platform.
The reset functionality is designed to provide you with a "clean slate" after trial or onboarding phases, providing a Human Risk Score reset capability to match existing Engage data reset capabilities, and includes:
- Human Risk Score Reset Capability: You can reset all Engage-related Human Risk Score data for your organization. This includes the removal of scores and logs associated with training and simulated phishing (Simphish) behaviors that occurred before the reset time. The reset recalculates historical Human Risk Scores for both individuals and the organization, ensuring that post-reset data accurately reflects only post-reset activities.
- Audit Logging for Resets: Every reset action is Audit Logged. The logs capture details such as the behaviors being reset, the user who initiated the reset, the time of reset, and any comments provided. This ensures traceability and supports compliance requirements.
- User Confirmation Workflow: Before a reset is executed, you will need to provide a comment and confirm your intent, reducing the risk of accidental or unauthorized resets.
- Reset Status Tracking: You can view the status of reset operations, including when a reset is in progress, completed, or if it has failed in the UI. Clear messaging will be provided for each state, and you will be instructed to contact Support if errors occur.
Resetting the Human Risk Scores
You can reset the Engage-related Human Risk Scores, by using the following steps:
- Log in to Mimecast Administration Console.
-
Navigate to Human Risk Command Center | Settings | Data Management tab.
The Data Management tab shows when data was last reset, or if data has not been reset yet - Click on Reset Engage Data.
- Enter the Reset Reason (Mandatory).
-
Click on Reset Data to continue, or Cancel, to cancel the reset.
Clicking on Reset Data will permanently delete all existing scores and behaviors recorded before the reset, and cannot be undone.
-
The Data Management tab updates, to that data is being reset.
Once complete, the date and time the reset last took place will be displayed. -
Navigating to Human Risk Command Center | Dashboard will show that all scoring data associated with simulated phishing or training behaviors has been reset.
This may take up to 24 hours after the reset is complete, to be reflected at the organizational level.
It will be visible at the individual level, as soon as it's completed. - The Human Risk Score Reset creates an Audit Log entry (Human Risk category), which records the behaviors being reset, the user who initiated the reset, the time of reset, and any comments provided.
Frequently Asked Questions
| Q: | What data is reset? |
| A: | The reset process resets all scoring and event log data associated with simulated phishing or training behaviors that were logged in the system up to the time of the reset being requested |
| Q: | Scoring and Event Logs are reset; why not Action Logs? |
| A: | An individual Action Log entry might result from multiple events from different behaviors. Resetting Action Logs would require us to re-evaluate the criteria that resulted in the log, as if the system was in the same state as the point in time the Action Log was created, just minus the reset data. |
| Q: | Does this reset data from sources other than Engage? |
| A: | Yes. This capability will reset any training or simulated phishing data, including that from third-party integrations like Microsoft Attack Simulation. |
| Q: | Does this replace the current process for resetting data in Engage/ Awareness Training? |
| A: | No. Resetting Engage / Awareness Training data still requires raising a Support case. |
Comments
There really needs to be a reset option for single users… rather aggravating there isn't.
hi Dalton, many thanks for raising this feedback with us.
You can only currently remove data from the Human Risk Command Center via full reset.
We are looking to provide additional functionality to assist users in maintaining data quality, including additional reset capabilities, as well as the ability to mark events as false positive, or indicate they otherwise should be ignored.
It's actually more annoying you can't reset a users Awareness Training stats, or even clear users pass due modules. We have a situation where some users we merged in, we had made accounts for them prior to being merged in, then we merged in their accounts from their domain. Then once we made 1 an alias it caused a bunch of issues with module duplication. Putting 1 address in Inactive only fixed half the problem and because they completed modules on the old account, they now have to re-complete on the new account which is a huge pain point when you're dealing with “C-Levels and Execs….”.
Thank you for your feedback. I can see that you already have a ticket open, and our support team will assist with your query.
Please sign in to leave a comment.