Barracuda Forensics & Incident Response can locate potential threats looming in your Office 365 account.
Potential Incidents comprise two categories:
- Related Threats – Threats based on an incident you already created. Click View Original Incident to see the incident you already created.
- Post-Delivery Threats – Based on Barracuda's intelligence on currently circulating threats, threats that might already be present in your inbox.
Remediating Potential Incidents
Each potential threat is displayed on a separate card on the Potential Incidents page. Each card displays the number of emails related to this potential threat detected in your Office 365 account on the date and time shown.
To remediate potential threats:
- Log into Barracuda Forensics & Incident Response.
- In the left pane, click the menu () icon, then click Insights.
- Select Potential Incidents.
- Review the potential threats and, if desired, create a new incident based on a specific threat.
To create a new incident for a specific potential, click New Incident for that threat and follow the instructions described in Creating an Incident.
Click Dismiss to remove a potential threat card from this page. Note that this action cannot be undone.
Note that each card includes the date and time when the threat was first detected, along with the number of emails detected at that date and time. When you view the Potential Incidents page, the actual number of emails detected might differ from the number displayed on the card. In some cases, there might not be any emails. Conditions resulting in these different counts include:
- You are visiting the Potential Incidents page hours or days after the card was created. During the elapsed time, the system detected addition emails, resulting in a higher number.
- You, or someone in your organization, created an incident after the card was created, resulting in a lower number. You might have created the incident using the incident wizard or Barracuda Email Security Service, without having seen a Potential Incident card.
- After the card was created, some of the emails aged out of the system. Emails older than 30 days are no longer visible in the system, resulting in a lower number.
Receiving Alerts for Potential Threats
You can configure the system to automatically send you alerts when Barracuda Forensics & Incident Response identifies a potential threat.
To create automatic alerts when a user reports a suspicious email:
- Go to Barracuda Forensics & Incident Response, logging into https://forensics.barracudanetworks.com/.
- From the menu, select Insights, then Potential Incidents.
- Click the Settings icon in the upper right corner of the screen.
- Specify that you want to receive alerts.
- Specify whether you want to use the same email address for the security team members that you alert for other alerts.
If you choose to use the same email address, it will autofill for you. Otherwise, an email address to receive these alerts.
- Click Save.