This functionality is available only with Barracuda Email Protection Premium and Premium Plus plans. To upgrade to one of these plans, contact your Barracuda Networks Sales Representative.
Incident Response can locate potential threats looming in your Microsoft 365 account.
Potential Incidents comprise two categories:
- Related Threats – Threats based on an incident you already created. Click View Original Incident to see the incident you already created.
- Post-Delivery Threats – Threats that might already be present in your inbox, based on Barracuda Networks' intelligence on currently circulating threats.
Remediating Potential Incidents
Each potential threat is displayed on a separate card on the Potential Incidents page. Each card displays the number of emails related to this potential threat detected in your Microsoft 365 account on the date and time shown.
To remediate potential threats:
- Log in to Incident Response.
- From the Menu, select Insights.
- Select Potential Incidents.
- Review the potential threats and, if desired, create a new incident based on a specific threat.
To create a new incident for a specific potential threat, click Create Incident for that threat and follow the instructions described in Creating an Incident.
Click Dismiss to remove a potential threat card from this page. Note that this action cannot be undone.
Note that each card includes the date and time when the threat was first detected, along with the number of emails detected at that date and time. When you view the Potential Incidents page, the actual number of emails detected might differ from the number displayed on the card. In some cases, there might not be any emails. Conditions resulting in these different counts include:
- You are visiting the Potential Incidents page hours or days after the card was created. During the elapsed time, the system detected additional emails, resulting in a higher number.
- You, or someone in your organization, created an incident after the card was created, resulting in a lower number. You might have created the incident using the incident wizard or Barracuda Email Security Service, without having seen a Potential Incident card.
- After the card was created, some of the emails aged out of the system. Emails older than 30 days are no longer visible in the system, resulting in a lower number.
Receiving Alerts for Potential Threats
You can configure the system to automatically send you alerts when Incident Response identifies a potential threat.
To create automatic alerts when a user reports a suspicious email:
- Log in to Incident Response.
- From the Menu, select Settings.
- Specify that you want to send an email alert to the security team.
- Specify whether you want to use the same email address for the security team that you specified for Manual Remediation settings.
- If you choose to use the same email address, it will autofill for you. Otherwise, specify a single email address to receive these alerts.