NEW - We have added more details about IP addresses detected in security events





How do I access a security event's details?


  • In the Report section, click on any security event displayed in the table
  • In the Alert email, click on "View event in Office Protect" 
  • In the ConnectWise or Autotask security event ticket, click on "View event in Office Protect"




What can I find in my security event details?


In the security event details, you can find:

  • The security event details: timestamp, description
  • Details if the security event has been ignored: ignoring date, whitelist rule if the event has been automatically ignored through a rule
  • All of the security event's entities on which Office Protect has been able to retrieve more details or potential remediation actions. More details are usually included on:
    • Users: Status, MFA state, last password change, alternate contacts, assigned licenses, admin roles, last sign-in date, creation date.
    • Applications, Teams applications: Type, description, state, publisher, verification state, creation date, admin roles, and granted permissions with their descriptions.
    • Mail flow rules, inbox rules: Status, rule details, and why the rule has been flagged as suspicious by Office Protect.
    • Anonymous links: Status, permissions, and file path.
    • NEW - IP addresses:
      • You can choose to view the details of the IP address at the time the security event was detected by our systems (Recorded IP), or the updated data in real time (Live IP Lookup).
      • Location data: Country, region/state, city
      • Internet service provider (ISP)
      • Autonomous system organization name (AS name)
      • Usage: consumer, hosting, corporate, ...
      • More details if the IP address originates from a proxy provider: threat level, type of proxy, type of systems or services that were attacked from this address, ...

            If details are missing, Office Protect has not been able to retrieve them, either because of the entity status or because details are not available.

  • All remediation actions available to mitigate the risks, act quickly and avoid potential damage if there is a compromise in your organization. If no remediation is available yet, a banner is displayed.
    See all remediation actions details
  • How to react: our recommendations to investigate the situation and take action if needed