Incidents
In Email Security, potential threats are called incidents. An incident can be flagged by the system or by a user using the TitanHQ for Outlook add-in.
Go to Email Security > Incidents to view, take action on (remediate), and manage incidents in Email Security.
Note
If you have auto remediation set up, then Email Security will automatically send malicious mails to a user's junk folder. See Remediation for more details.
Incidents are divided into two groups, which can be accessed by selecting either the Action Needed or Resolved tabs at the top of the page.
The Action Needed tab opens by default when you select Email Security > Incidents and displays incidents requiring admin attention. These are Incidents that have been reported by users using the TitanHQ for Outlook add-in. When you mark these mails as safe or move them to junk, they are automatically moved to the Resolved tab.
The Resolved tab contains mails that have been automatically flagged by the system and ones you have taken action on are also listed here. No further action is required for these incidents.
Use the search
box to search the list of incidents.Select the column
icon to manage how table columns are displayed.
By default, all columns are visible and arranged in a specific order. You can change the display by doing the following:
Slide the toggles off and on to hide or display columns.
Use the reordering
icon to move columns up and down the list. This changes the left-to-right display. An item at the top of the list, for example, means that it will be the first column on the left. Select Restore default order to restore the columns to their default positions.Resize columns by hovering your cursor over the column boundary you want to adjust until it becomes a resize
cursor. Drag the boundary until the column is the width you want.
Note
Note that any changes you make here will remain, even if you leave the page.
The following columns are available:
Date: The date the reported email was received.
Subject: Email subject line of the reported email.
Sender: Sender email address of the reported email.
Flag Reason: The reason this email was flagged for further investigation. See Incident Flag Reasons.
Status: The current status of this incident. See Incident Status Descriptions.
Actions: Actions available for this incident.
From the Actions column, you can do the following:
To add a sender to the Allow List, select the allow sender
icon for the incident. See Allow List for further details.To add a domain to the Allow List, select the allow domain
icon for the incident. See Allow List for further details.
To view additional details of an incident, locate the incident in the table and select it. See Incident Summary for further details.
Incident Flag Reasons
Flag Reason | Description |
|---|---|
User Reported Phishing | A user reported this email as phishing with the TitanHQ for Outlook add-in. |
User Reported Clean | A user reported this email as clean with the TitanHQ for Outlook add-in. |
Suspicious Text | Email Security detected suspicious text in the body of this email. |
Malicious Links | Email Security detected malicious links in the body of this email. A malicious URL is a link embedded in an email that was created with the purpose of promoting scams, attacks, and frauds. When selected, malicious URLs can download ransomware, or lead to phishing or spearphishing emails. |
Phishing | Email Security flagged this email as a phishing attempt. Phishing emails attempt to trick people into revealing personal or confidential information which can then be used illicitly; for example, to steal a recipient's money or identity. |
Spoofed Display Name | Email Security detected a spoofed display name. Email spoofing is the creation of an email with a forged sender address to intentionally mislead a recipient about its origin. |
Spam | Email Security flagged this email as spam. Spam refers to unsolicited emails that are sent to a large number of recipients, usually as advertising. |
Fraud | Email Security flagged this email as fraud. Email fraud intentionally deceives the recipient into sharing personal data, such as bank or credit card details. |
Graymail | Email Security flagged this email as Graymail. Graymail refers to solicited marketing emails and comes from a legitimate source. Recipients once subscribed to them and now may no longer open or read them. |
Exploited Domains | Email Security detected this email as coming from a free email service, which malicious actors frequently use to launch phishing attacks. An alert banner was added as a reminder to users to stay vigilant, even if the email content does not look suspicious. |
Incident Status Descriptions
Status | Description | Available Actions |
|---|---|---|
 | An email has been flagged by a user as phishing or clean using the TitanHQ for Outlook add-in. This incident needs Admin attention and review. | Remediate Mark as Safe Allow Sender Allow Domain |
 | Administrator has reviewed this email and determined it was malicious and selected to move it to a user's Junk folder. This email has been moved to the Junk folder for all recipients. | Mark as Safe Allow Sender Allow Domain |
 | Email Security has flagged this email as suspicious and applied a warning banner before delivering it to a user's Inbox. | Remediate Mark as Safe Allow Sender Allow Domain |
 | Administrator has reviewed this email and determined it is safe. Once marked as safe, the email is then delivered to all recipients with a banner marking it as safe. | Remediate Allow Sender Allow Domain |
 | Auto remediation has been enabled meaning that this email has automatically been moved to the Junk folder for all recipients. | Allow Sender Mark as Safe |