Use the Barracuda Forensics & Incident Response wizard to identify a new incident:
- Log into Barracuda Forensics & Incident Response.
In the Incidents screen, click New Incident.
- In the New Incident page, enter criteria in any or all of the fields: Email Subject, Sender Email, Date and click Search Messages.
Some or all of the search criteria fields are completed automatically if you are creating an incident from certain locations including user-reported emails or message log emails.
The Review recipients page displays all matching results for the entered criteria.
- If your search returned too many emails, click Refine Search to better target the suspicious mails. Return to Step 3, described above. Otherwise, proceed to Step 6.
- Click Review Users at Risk. The Users at Risk page presents you with recipients that clicked on a link in an email in the incident. As an added security measure, you can copy the list and send an email to the affected users with instructions on changing their passwords. Click Review Remediation Options to proceed.
- On the Incident Remediation page, select one or more actions, then click Remediate. Note that these actions might take several minutes to complete.
User Options – These actions directly affect the users.
- Delete selected emails permanently from affected users' inboxes. This action requires Barracuda Sentinel.
- Send a warning email alert to the affected users. Click Edit Email Alert to customize the message.
Policy Options – These actions affect policies for future emails.
Quarantine or block all future inbound emails – Adds a global policy in your Barracuda Email Security Service account under Sender Policies. You can choose to do this in two different ways:
- by sender sets the policy for the unique sender(s) of this email
- by domain sets the policy for all unique sending domain(s) of this email
- Quarantine or block all future inbound emails – Adds a global policy in your Barracuda Email Security Service account under Sender Policies. You can choose to do this in two different ways:
- Incident Tracking – Select if you want to send a summary of the incident to yourself.
- User Options – These actions directly affect the users.
Review the suggested additional actions, then click Close.