To set default values for Automatic Remediation:
- Log into Incident Response.
- From the menu, select Settings.
- On the Settings page, select the Automatic Remediation tab.
- Select whether you want to enable Automatic Remediation for your organization. If this value is No, the other settings do not take effect.
- Select the default action you want to take when you create an incident:
- Move emails from users' mailboxes to users' Junk folder – Users can still access the emails within the Junk folder.
- Delete emails from users' mailboxes – Users can no longer access the emails. This option must be selected to enable continuous remediation in the next field.
- Select values for the following settings:
- Enable continuous remediation for incidents – Enable if you want the system to locate and delete emails matching your search criteria for 72 hours past the original deletion time.
You must enable the Delete emails option above to use this option. For more information, see Continuous Remediation. - Ignore Security Awareness Training campaign emails – Enable if you want the system to take no remediation action against emails used in Security Awareness Training campaigns.
- Send an email alert to the recipient – Enable if you want to alert the email recipient when they are affected by an incident. Optionally, click Customize Alert to use your own text in email notifications. Save your customized text or revert to the default text.
- Send an email alert to the security team – Enable if you want to alert your organization's security team for each incident. If you enable this option, you must specify the default security team email here. Enter a single email, either to a single recipient or to a distribution list.
- Enable continuous remediation for incidents – Enable if you want the system to locate and delete emails matching your search criteria for 72 hours past the original deletion time.