Skip to main content

Platform

Incidents

In Email Security, potential threats are called incidents. An incident can be flagged by the system or by a user using the TitanHQ for Outlook add-in.

Go to Email Security > Incidents to view, take action on (remediate), and manage incidents in Email Security.

Note

If you have auto remediation set up, then Email Security will automatically send malicious mails to a user's junk folder. See Remediation for more details.MSP Remediation

Incidents are divided into two groups, which can be accessed by selecting either the Action Needed or Resolved tabs at the top of the page.

PT-Incident-Tabs.jpg
  • The Action Needed tab opens by default when you select Email Security > Incidents and displays incidents requiring admin attention. These are Incidents that have been reported by users using the TitanHQ for Outlook add-in. When you mark these mails as safe or move them to junk, they are automatically moved to the Resolved tab.

  • The Resolved tab contains mails that have been automatically flagged by the system and ones you have taken action on are also listed here. No further action is required for these incidents.

  • Use the search search-incidents.jpg box to search the list of incidents.

  • Select the column ES-Column-Reorder-icon.jpg icon to manage how table columns are displayed.

    ES-Column-Reorder.jpg

    By default, all columns are visible and arranged in a specific order. You can change the display by doing the following:

    • Slide the toggles off and on to hide or display columns.

    • Use the reordering ES-Reordering-icon.jpg icon to move columns up and down the list. This changes the left-to-right display. An item at the top of the list, for example, means that it will be the first column on the left. Select Restore default order to restore the columns to their default positions.

    • Resize columns by hovering your cursor over the column boundary you want to adjust until it becomes a resize ES-Resize-Cursor.jpg cursor. Drag the boundary until the column is the width you want.

    Note

    Note that any changes you make here will remain, even if you leave the page.

    The following columns are available:

    • Date: The date the reported email was received.

    • Subject: Email subject line of the reported email.

    • Sender: Sender email address of the reported email.

    • Flag Reason: The reason this email was flagged for further investigation. See Incident Flag Reasons.

    • Status: The current status of this incident. See Incident Status Descriptions.

    • Customer: The Email Security customer this incident is related to.

    • Actions: Actions available for this incident.

  • From the Actions column, you can do the following:

To view additional details of an incident, locate the incident in the table and select it. See Incident Summary for further details.

Incident Flag Reasons

Flag Reason

Description

User Reported Phishing

A user reported this email as phishing with the TitanHQ for Outlook add-in.

User Reported Clean

A user reported this email as clean with the TitanHQ for Outlook add-in.

Suspicious Text

Email Security detected suspicious text in the body of this email.

Malicious Links

Email Security detected malicious links in the body of this email. A malicious URL is a link embedded in an email that was created with the purpose of promoting scams, attacks, and frauds. When selected, malicious URLs can download ransomware, or lead to phishing or spearphishing emails.

Phishing

Email Security flagged this email as a phishing attempt. Phishing emails attempt to trick people into revealing personal or confidential information which can then be used illicitly; for example, to steal a recipient's money or identity.

Spoofed Display Name

Email Security detected a spoofed display name. Email spoofing is the creation of an email with a forged sender address to intentionally mislead a recipient about its origin.

Spam

Email Security flagged this email as spam. Spam refers to unsolicited emails that are sent to a large number of recipients, usually as advertising.

Fraud

Email Security flagged this email as fraud. Email fraud intentionally deceives the recipient into sharing personal data, such as bank or credit card details.

Graymail

Email Security flagged this email as Graymail. Graymail refers to solicited marketing emails and comes from a legitimate source. Recipients once subscribed to them and now may no longer open or read them.

Exploited Domains

Email Security detected this email as coming from a free email service, which malicious actors frequently use to launch phishing attacks. An alert banner was added as a reminder to users to stay vigilant, even if the email content does not look suspicious.

Incident Status Descriptions