Mail threats list

The Mail threats widget is a list displaying the email messages analyzed in the network.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

Use the Select pull-down menu for a fine-tuned selection. Its options allow you to select All visible messages or to Clear selection. You can also click the checkbox icon in the title row to select all visible messages.

Use the Action pull-down menu to update the selected incidents: Update state, Update assignment, Release from quarantine, or Delete from quarantine.

Note:

The email list displays all messages detected by all of the sensors. Quarantine actions (release or delete) may take a few seconds to execute, because the action must be dispatched to and executed by the sensor hosting the specific message. You can monitor progress by refreshing the view or by selecting a specific message.

The system provides feedback about the number of messages selected for the requested action.

The columns to be displayed in the list can be customized by clicking the additional content icon.

Customize the number of rows to be displayed. The default is 20 entries. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

Each row is a summary of a message. Click the plus icon (or anywhere on an entry row) to access a detailed view of this message.

The list of messages contains the following columns:

Timestamp

Indicates when the message was received. The time is shown in the currently selected timezone.

The list is sorted by timestamp, by default in decreasing order (latest message at the top). Click the angle up icon to sort the list in increasing order (oldest message at the top). Click the angle down icon to toggle to the default.

Sensor

Name of the sensor that detected the message.

Sender

The email address of the sender of the message. This email address may be spoofed.

Click the sort icon to sort the list alphabetically by the sender.

Recipient

The email address of the recipient of the message.

Click the sort icon to sort the list alphabetically by the recipient.

Subject

The provided subject of the message.

Click the sort icon to sort the list alphabetically by the subject.

Attachments

Lists the number of attachments found in the message. Click the details button to view the Attachments page for details about the attachments.

URLs

Lists the number of URLs found in the message. Click the details button to view the URLs page for details about the URLs.

Threat

Name of the detected threat in the attachment or URL.

Click the sort icon to sort the list by threat. Initially the list is sorted in decreasing order (most critical at the top).

Threat class

Name of the detected threat class of the attachment or URL.

Click the sort icon to sort the list by threat class. Initially the list is sorted in decreasing order (most critical at the top).

Antivirus class

A label defining the antivirus class of the downloaded file.

Malware

A label defining the malware type of the downloaded file. If the label has a tag icon, you can click it for a pop-up description.

Impact

The impact value indicates how critical the detected threat is and ranges from 1 to 100:

  • Threats with an impact of 70 or above are considered to be critical.

  • Threats with an impact between 30 and 69 are considered to be medium-risk.

  • Threats with an impact between 1 and 30 are considered to be benign.

If the stop icon appears, it indicates the artifact has been blocked.

Click the sort icon to sort the list by impact.

State

Indicates the lifecycle status of the analysis of the message.

Assignee

The username of the analyst currently working on the analysis of the message.