NEW - This page has been redesigned to include all investigation data you need to make a decision when security incidents are raised
How to access a security event details?
- In the Report section, click on any security event displayed in the table
- In the Alert email, click on "View event in Office Protect"
- In the ConnectWise or Autotask security event ticket, click on "View event in Office Protect"
What can I find in my security event details?
In the security event details, you can find:
- The security event details: timestamp, description
- Details if the security event has been ignored: ignoring date, whitelist rule if the event has been automatically ignored through a rule
- All of the security event's entities on which Office Protect has been able to retrieve more details or potential remediation actions
- More details are usually included on users, applications, Teams applications, mail flow rules,inbox rules, mail forwarding settings, anonymous links,...
- All remediation actions available to mitigate the risks, act quickly and avoid potential damage if there is a compromise on your organization. If no remediation is available yet, a banner is displayed.
- How to react: our recommendations to investigate the situation and take action if needed
