Setup
Perception Point X-Ray admin users can configure the setup of Perception Point X-Ray in their organizations.
This section includes:
Profile 1
Profile
The Profile page in Perception Point X-Ray lets you manage the profile settings for you, the admin user that is currently logged-in to Perception Point X-Ray.
To open the Profile page: In Perception Point X-Ray, in the left navigation menu, select Account > Profile.
Admin users with any user role are able to display the Profile page. |
This page includes:
Selecting the display theme 6
You can view and configure the following profile details:
Personal Information | ||
Full Name | Shows your full name in Perception Point X-Ray. This name will be displayed on the right of the Perception Point X-Ray banner, and will be used in various other locations by Perception Point X-Ray. Only a user with the "Administrator" role can change the name of a user. | |
Email Address | Shows your email address. All relevant Perception Point X-Ray communication with you'll be sent to this address. Only a user with the "Administrator" role can change your email address. | |
Security  | ||
Force Multi-Factor Authentication | Forces all users in the organization to enable and set-up multi-factor authentication [MFA - see below] to access Perception Point X-Ray. This option appears only for users with the "Administrator" role. | |
User MFA | Lets you activate and set-up multi-factor authentication [MFA] that will be required for you to access Perception Point X-Ray. After you activate MFA: When you next log-in to Perception Point X-Ray, you'll be instructed to scan a QR code with Google Authenticator [or a similar authenticator app], and then enter a passcode. You'll also get a recovery code that you can use to access Perception Point X-Ray when your device is not available. Make sure to keep the recovery code in a safe place. The recovery code may also be required in the case of an account take-over. If necessary, contact Perception Point Support [support@perception-point.io] for help to reset your MFA. To transfer MFA from one device to another, remove the admin user, and then re-add the admin user. Thereafter, you can activate MFA on the new device. To disable MFA, contact Perception Point Support [support@perception-point.io].
| |
Password | Changing or resetting your password Click "Reset Password" to reset your password. An email will be sent to your registered email address [see above]. The email will contain instructions on how to reset your password. You can also click "Don’t remember your password?" on the Perception Point X-Ray log-in page. There is no expiration period for passwords. | |
API Key | You may need this value for authorization when using Perception Point X-Ray API calls. For details about the Perception Point X-Ray API, see API. For security reasons, the API key is blurred in the UI. Click the Copy button [  ] to copy the API key to the clipboard.
| |
Contact Information  | ||
Organization Name | The name of your organization - as it will appear throughout Perception Point X-Ray. The organization name can be changed by Perception Point Support [support@perception-point.io] only. | |
Organization's Default Interface Language | The language of the Perception Point X-Ray user interface that will be displayed to new admin users in your organization. Admin users can change the UI language that is displayed when they sign-in to Perception Point X-Ray. To change the Perception Point X-Ray interface display language: [Old method] Click the Language icon on the right of the Perception Point X-Ray banner, and select the required language.  [New method] Click the down-arrow that is on the right of your name on the right of the Perception Point X-Ray banner, click Language, and then and then click the required language. The currently available interface languages are English, Spanish, German, French, Italian, Portuguese, Korean, and Japanese. The default display language can be changed by Perception Point Support [support@perception-point.io] only.
| |
Selecting the display theme
By default, Perception Point X-Ray is displayed using the "light" display theme [mode]. An admin user can change the display to the "dark" display theme.
To switch the display theme:
Click the down-arrow that is on the right of your name on the right of the Perception Point X-Ray banner [
].
Click Theme, and then select the required theme: Light or Dark.
Admin users
This section includes:
About Perception Point X-Ray admin users 7
About admin-user roles 7
Inviting new admin users 9
Admin user access 12
About Perception Point X-Ray admin users
The Admin Users page lets you manage the admin users in your organization - those users that have access to Perception Point X-Ray.
To open the Admin Users page: In Perception Point X-Ray, in the left navigation menu, select Account > Admin Users.
The Admin Users page is available to admin users with the "Admin" role only. |
About admin-user roles
Each Perception Point X-Ray admin user is assigned a user role. The role defines the tasks that the admin user is permitted to perform in Perception Point X-Ray.
Role functionality | Explanation |
Upload files | Can upload files to be analyzed. For details, see Self Analysis. |
View scans | Can view scans. |
Preview and download | Can preview and download scan details. |
Scan actions | Can perform various actions on scans. |
Settings | Can configure settings. |
Manage users | Can configure admin users. See "About Perception Point X-Ray admin users" on page 7 above. |
Note: Only an admin user with the "Admin" role can change the role of an admin user. For all other user roles, the Edit [  ] button [see below] will not appear. |
To change the role that is assigned to an admin user:
In the Admin Users page, locate the user, and click Edit [
].
Select the required Role, and then click Save Changes.
Inviting new admin users
You use invitation emails to invite new admin users. You can invite just a single admin user at a time. When you invite a new admin user, an invitation email is sent to the email address that you specify for the user. Before you send the email, you must specify the role that will be assigned to the new user, and you can limit the set of verdicts for which the user is able to access scans in the Scans page.
Note: Only an admin user with the "Admin" role can invite a new admin user. For all other user roles, the Add User button [see below] will not appear. You can't add an admin user to an organization that is Inactive. If your organization is configured to force users to sign-in to Perception Point X-Ray using SAML, then it is not possible to add [invite] new admin-users using the procedure that is described on this page. [The Add User button (see below) will not appear.] Instead, the admin-user needs to sign-in to Perception Point X-Ray using the "Log in with SSO" option, or via the SAML app. The first time a new admin-user successfully signs-in to Perception Point X-Ray, a corresponding new admin-user will be created in Perception Point X-Ray. For further details, see Forcing SAML sign-in. Each admin user is identified by an email address. An email address can be assigned to only one organization. Therefore, an admin user can't be added to more than one organization - unless a different email address is used for each organization. |
To invite a new admin user:
In the Admin Users page, click Add User. The Add Admin User dialog box opens.
Dialog box options | |
Email address | Specify the email address of the new admin user. An invitation email will be sent to this email address. |
Role | Select a role for the new admin user. The role defines the user's access permissions within Perception Point X-Ray. |
View verdict permissions | Some roles permit admin users to access scans in the Scans page. By default, when an admin user is permitted to access scans, the admin user is able to access scans that have any verdict. "View verdict permissions" lets you specify that the user will be permitted to access scans that have specified verdicts only. |
Organization | Select the Organization that the new admin user will be able to access. See "Admin user access" on page 12 below for additional information. |
Click Send Invitation. An invitation email will be sent to the specified email address.
When the new admin user receives the invitation email, the admin user should click Join Now inside the email, and then click Sign Up in the dialog box that opens.
After performing the sign-up procedure, the new admin user will be able to log-in to Perception Point X-Ray using the credentials that were used to sign-up.
Note The "Join Now" link in the invitation email expires 72 hours after the email is sent. If the "Join Now" link expires, there is an option to resend the invitation. This resend option appears in the list of admin users. This option will appear until the user logs-in successfully to Perception Point X-Ray.  If a user has been sent an invitation email, but has not yet signed-in to Perception Point X-Ray, you are not able to delete the user. Contact Perception Point Support [support@perception-point.io] for assistance. |
Admin user access
A person who is an admin in a parent organization will be able to access all the child organizations - even though the admin is not registered in the child organizations. This applies only when the parent is an MSSP-type organization. Admin users in all other organizations-types can access their organization only - and not any child organizations in which they are not registered. An admin user in a child organization can access that child organization only.
VIP users
This section includes:
About VIP users 12
Adding a VIP user 13
Adding multiple VIP users 15
About VIP users
Some end-users may be more prone to impersonation attempts than other end-users. This list of prone end-users may include people such as CEOs and other executives, and marketing and sales-people - that have their contact details freely available on multiple platforms. These end-users may therefore be more vulnerable to Business Email Compromise [BEC] attempts and to phishing attacks.
It is advisable that you define these end-users as VIP users inside Perception Point X-Ray, in order to be able to pay additional attention to attempted impersonation attacks of these end-users. This is done to help protect end-users in your organization from impersonation attempts of these VIP users.
How does it work?
When you define a VIP user, you list all private email addresses that are used by the VIP user.
When an email is received in your organization, and the email has a similar display name to the name of a VIP user, and the email is sent from an unlisted email address - (while also taking into consideration additional indicators) - Perception Point X-Ray may assign the email a malicious scan verdict. This is done because the email is possibly trying to impersonate the VIP user.
Why not assign all end-users as VIP users?
By assigning all end-users to be VIP users, you may cause valid emails to be assigned a malicious verdict - because they were sent from an "unlisted" email address.
Note: There is no additional cost for adding VIP users. |
The VIP Users page
The VIP Users page lets you add and manage the VIP users in your organization.
To open the VIP Users page: In Perception Point X-Ray, in the left navigation menu, select Detection Setup > VIP Users.
The VIP Users page is available to admin users with the "Cyber Analyst" [or higher] role. |
Adding a VIP user
The procedure below describes how to add a single VIP user. If you have many users that you want to categorize as VIP users, Perception Point Support can assist you to perform a bulk addition of VIP users - using a CSV file. For details, see "Adding multiple VIP users" on page 15 below.
To add a new VIP user:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > VIP Users.
In the VIP Users page, click Add. The Add User dialog box opens.
Dialog box options | ||
Organization | The organization that this VIP user is part of.
| |
Display Name | The name that is commonly used to refer to this VIP user. E.g. James Smith
| |
Main Email Address | The main email address for this VIP user, in the organization. E.g. James.Smith@acme.com | |
Additional Email Addresses | Any additional email addresses that are used by the VIP user. These email addresses may be from inside the organization, or they may be external email addresses. Use commas to separate multiple addresses. E.g. James.Smith@gmail.com,James.Smith@yahoo.com,JSmith@gmail.com [Every email that appears to originate from the VIP user, but that doesn't come from one of the listed email addresses for the VIP user, will be assigned a malicious verdict. | |
Display name protected | All VIP users have display name protection. You can't disable this protection. | |
VIP | Adds a VIP tag to all scan results for emails that are sent to the "Main Email Address" or to any of the "Additional Email Addresses" defined above. In the Scans-summary page, you can filter the emails to show only those emails that were sent to VIP users. | |
Click Add. A new VIP user is added.
Adding multiple VIP users
The procedure above in "Adding a VIP user" on page 13 describes how to add a single VIP user. If you have many admin users that you want to categorize as VIP users, Perception Point Support can perform a bulk addition of VIP users. To perform a bulk addition of VIP users, you'll need to create a CSV file. The CSV file that you create should include the following information for each VIP user:
Display Name
Main Email Address
Additional Email Addresses
See the table above for definitions and requirements of each of these elements. Use commas to separate between values. When the CSV file is available, send it by email to Perception Point Support [support@perception-point.io]
Disclaimers
This page includes:
About disclaimers 16
Propagating disclaimers from a parent organization to child organizations 17
Customizing disclaimers 17
Disclaimer types 18
Previewing disclaimers 19
Enabling [activating] and disabling disclaimers 20
Required configurations after enabling disclaimers 20
Disclaimers with Exchange 2019 22
About disclaimers
You can insert various disclaimers (contextual banners) at the top of inbound emails. These disclaimers indicate to the email recipients that there is a suspicion about the security of the email. For example, the disclaimer below warns recipients to be cautious with emails that are sent from outside their organizations:
The Disclaimers page lets you preview, enable, and disable the disclaimers.
To open the Disclaimers page:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Disclaimers.
Any admin user with the "Self Analysis" role [or higher] can access the Disclaimers page. |
Note: If you enable disclaimers in a parent-organization, the disclaimers will be enabled in all child-organizations as well. If you want to enable disclaimers for a specific child organization only, select that organization in the Perception Point X-Ray banner before enabling the disclaimer. When you enable disclaimers for an organization, DKIM checks may fail. See "Required configurations after enabling disclaimers" on page 20 below. Disclaimers are always added at the top of an email - they can't be added at the end of an email. Disclaimers can't be relocated inside an email. You can enable specific disclaimers for specific users. This is typically done for testing purposes. Contact Perception Point Support [support@perception-point.io] for details. By default, disclaimers may not be compatible with Exchange 2019. If you are using Exchange 2019, see "Disclaimers with Exchange 2019" on page 22 below. |
Propagating disclaimers from a parent organization to child organizations
Disclaimer configurations that are set in a parent organization are applied [propagated] to the child organizations as well. Therefore, for example, if you activate a particular disclaimer in the parent organization, that disclaimer will be activated in all the child organizations as well.
If you want to modify a disclaimer for a specific child organization only, select that child organization in the Perception Point X-Ray banner before modifying the disclaimer.
Note: If you activate a custom disclaimer in a parent organization, and a child organization has the default disclaimer active, two disclaimers may appear. |
Customizing disclaimers
Using Perception Point X-Ray, you can only preview, enable, and disable disclaimers - but not edit disclaimers. However, Perception Point Support is able to edit disclaimers. Through Perception Point Support, it is possible to customize the design of the disclaimers - as they will be seen by the recipients. This may be useful, for example, if you want to change the language, content, size, or font of a disclaimer. It is also possible to configure when the disclaimers will be displayed. It is possible to add a logo to the disclaimers.
To customize the disclaimers in your organization:
Request Perception Point Support [support@perception-point.io] to send you a zip file that contains all the default disclaimers - in HTML format.
You can include the text template below in your email:
Subject: Customizing disclaimers |
Hi Perception Point Support Team, Organization name: We would like to customize our disclaimers. Please can you send us a zip file that contains all the default disclaimers - in HTML format. We will make the required changes to the files, and then return the modified files to you. Thank you |
Make the required changes to the files.
Return the modified files to Perception Point Support [support@perception-point.io].
Perception Point Support will then implement your customized disclaimers.
For details on all the above tasks, contact Perception Point Support [support@perception-point.io].
Disclaimer types
Perception Point X-Ray includes a set of "out of the box" disclaimers. You can contact Perception Point Support [support@perception-point.io] for information about additional disclaimers.
The set of Perception Point X-Ray "out of the box" disclaimers includes:
External | Added when an email is sent from an address that is outside your organization. | |
External - First Time | Added when an email is sent from an address that is outside your organization - and is sending an email for the first time to the recipient.  | |
Unscanned Password Protected | Added when an email includes a password-protected file that was only partially scanned. | |
Display Name Deception | Added when an email is sent from a user who appears to be impersonating someone in your organization.
| |
Spoofed Domain | Added when an email is sent from a domain that appears to be impersonating another domain. | |
Different Origin | Added when an email is sent by someone who is sending the email from a different path than is usually used by the sender.
| |
SPF Hard Fail | Added when an email is sent from an IP address that is not authorized for the domain from which it was sent. |
Previewing disclaimers
You can preview any of the "out of the box" disclaimers.
To preview a disclaimer:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Disclaimers.
Locate - and then click the disclaimer that you want to preview.
Enabling [activating] and disabling disclaimers
You can enable [activate] or disable any of the "out of the box" disclaimers.
Note: The disclaimers that you configure affect all child-organizations. If you want to modify a disclaimer for a specific child organization only, select that child organization in the Perception Point X-Ray banner before modifying the disclaimer. When you enable disclaimers for your organization, DKIM checks may fail. See "Required configurations after enabling disclaimers" on page 20 below. |
To enable a disclaimer:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Disclaimers.
Locate the disclaimer that you want to enable, and then click Activate.
To disable a disclaimer:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Disclaimers.
Locate the disclaimer that you want to disable, and then click Disable.
Required configurations after enabling disclaimers
When you enable disclaimers for your organization, DKIM checks may fail. This may cause some emails to go mistakenly to spam. Make sure that your email configuration is as described below, so that this does not occur.
Microsoft 365
Note: If the onboarding procedure was performed successfully, your configuration should already be as described below. The following procedure is not required for integrations that use the Microsoft API connection method. |
Open the Microsoft 365 admin center.
Click Security > Policies & rules > Threat policies > Anti-spam policies > Connection filter policy (Default) > Edit connection filter policy.
Make sure that the IP addresses that are shown below, appear in the Always allow messages from the following IP addresses or address range list.
Note: Select the correct set of IP addresses for the environment of your organization. What is the environment of your organization  In Perception Point X-Ray, go to Account > Preferences. The Environment of your organization will appear under General > Info: US, EU, or AU. |
For US environments | For EU environments | For AU environments |
3.81.182.154 3.93.155.149 3.95.118.12 3.95.142.181 54.227.64.76 52.12.169.124 [required only if muti-region is enabled] | 99.81.216.78 34.249.190.60 108.128.137.108 99.80.189.20 52.12.169.124 [required only if muti-region is enabled] | 13.236.255.231 54.66.125.250 52.12.169.124 [required only if muti-region is enabled] |
Select Turn on safe list.
Click Save.
Google Workspace [G-Suite]
Go to Apps > Google Workspace > Gmail > Safety.
Clear the "Protect against any unauthenticated emails" check box.
Disclaimers with Exchange 2019
If you are using Exchange 2019, you may need to perform the procedure below to enable disclaimers to function correctly.
Locate the following Exchange 2019 xml application configuration file:
edgetransport.exe.config |
Edit the file, adding the following:
key="DisableDetectEncodingFromMetaTag" value="true" |
Restart the transport service.
If necessary, contact Perception Point Support [support@perception-point.io] for assistance.
Channels
This page includes:
About channels 23
Configuring the default channel detection settings 24
Channel categories 24
Viewing the list of enabled and active channels 28
Enabling a channel 29
Activating a channel 30
Deactivating a channel 30
About channels
Perception Point X-Ray can protect various channels, such as email, browser, and Microsoft Teams. Channels are also known as integrations or collaborations.
Each channel can have one of the following three statuses:
Disabled | A disabled channel is not protected. If you want to protect a disabled channel, the channel must first be enabled and then activated. Disabled channels appear in the Additional Channels section on the bottom of the Channels page. For details on how to enable a disabled a channel, see "Enabling a channel" on page 29 below. |
Enabled | An enabled channel is not protected. If you want to protect an enabled channel, the channel must be activated. Enabled channels appear in the Enabled Channels section at the top of the Channels page. Enabled channels are marked as being Inactive [  ]. For details on how to activate an enabled channel, see "Activating a channel" on page 30 below. |
Active | An active channel is protected by Perception Point X-Ray, and is called a protected channel.  Active channels appear in the Enabled Channels section at the top of the Channels page. Active channels are marked as being Active [  ]. |
Additional channels are added by Perception Point from time-to-time. If you want to protect a channel that does not appear in the list of channels below, contact Perception Point Support [support@perception-point.io].
Configuring the default channel detection settings
You can configure various default settings that affect the detection that is performed during scans. These default settings apply to all channels. For details, see Detection.
Channel categories
The available channels are divided into the following categories:
Advanced Security
Cloud Storage
Messaging
CRM
Cloud Endpoint
Other integrations
Advanced Security
Email Service Only a single email service integration can be enabled at any time - either Microsoft 365 or Google Workspace. | |
Microsoft 365 [ ] | Integration with Microsoft 365 uses the inline or the Microsoft API connection methods - with no MX record change. Connection scope: Indicates which emails will be scanned: inbound, outbound, and internal. For setup instructions, see Connecting Microsoft 365. |
| Account Takeover (ATO) detection Detects if an email account has been taken-over. Requires integration of Perception Point X-Ray with Microsoft 365. For setup instructions, see Configuring Microsoft 365 - ATO. |
Outbound email scanning Scans outgoing [outbound] emails to detect malicious file attachments and malicious URLs. For setup instructions, see Onboarding Microsoft 365 - Outbound - API. | |
Google Workspace [ ] | Integration with Google Workspace uses inline integration - with no MX record change. For setup instructions, see Connecting Google Workspace. |
Browser Extension | |
Browser Security Extension [  ] | The ABS browser extension can scan downloaded files, and check web pages for malicious content. For details, see Advanced Browser Security. |
Advanced Browser Security
Browser Extension [ ] | Scans that were performed by the ABS Browser Extension. For details, see Advanced Browser Security. |
Cloud Storage
Google Drive [  ] | Helps to protect all the files in your Google Drive account. After you add Google Drive as a channel, Perception Point X-Ray will scan all files that are uploaded to Google Drive, and all files in Google Drive that are modified. For details on how to configure the Google Drive integration, see Google Drive integration. |
OneDrive [  ] | Helps to protect all the files in your Microsoft OneDrive account. When you add OneDrive as a channel, Perception Point X-Ray will scan all files that currently exist in OneDrive. Thereafter, Perception Point X-Ray will scan all files that are uploaded to OneDrive, and all files in OneDrive that are modified. For details on how to configure the OneDrive integration, see OneDrive integration. |
Dropbox [ ] | Helps to protect all the files in your Dropbox account. When you add Dropbox as a channel, Perception Point X-Ray will scan all files that currently exist in Dropbox. Thereafter, Perception Point X-Ray will scan all files that are uploaded to Dropbox, and all files in Dropbox that are modified. For details on how to configure the Dropbox integration, see Dropbox integration. |
Box [ ] | Helps to protect all the files in your Box account. When you add Box as a channel, Perception Point X-Ray will scan all files that currently exist in Box. Thereafter, Perception Point X-Ray will scan all files that are uploaded to Box, and all files in Box that are modified. For details on how to configure the Box integration, see Box integration. |
SharePoint [  ] | For details on how to configure the Microsoft SharePoint integration, see SharePoint integration. |
Amazon S3 [  ] | Enhance your Amazon S3 security by scanning every file that is uploaded to Amazon S3. For setup instructions, see Amazon S3 integration. |
Messaging
Microsoft Teams [ ] | For details on how to configure the Microsoft Teams integration, see Microsoft Teams integration. |
Slack [ ] | Enhance your Slack security by scanning every file that is uploaded to Slack - as an attachment to a conversation. For setup instructions, see Slack integration. |
CRM
SalesForce [  ] |
For details on how to configure the Salesforce integration, see Salesforce integration. |
Zendesk [ ] | Enhance your Zendesk security by scanning every file that is uploaded to Zendesk - as an attachment to a comment in a ticket. For setup instructions, see Zendesk integration. |
Cloud Endpoints
CrowdStrike [ ] | For details, see CrowdStrike integration. |
SentinelOne [  ] | For details, see SentinelOne integration. |
Cynet [  ] | For details, see Cynet integration. |
Other Integrations
Self Analyze [  ] | Scans that were performed using the Self Analyze feature in Perception Point X-Ray. For details, see Self Analysis. |
API [  ] | Scans that were performed using the files and urls APIs. For details, see API - Files and API - URLs. |
Viewing the list of enabled and active channels
Each channel can be in one of the following statuses: disabled, enabled, or active. You can view a list of the enabled and active channels.
To view the list of enabled and active channels:
In Perception Point X-Ray, in the left navigation menu, select Account > Channels.
In the Enabled Channels section, at the top of the Channels page, all enabled and active channels are shown.
Note: Some of the enabled channels may be active and some may be inactive. |
Enabling a channel
Each channel can be one of the following statuses: disabled, enabled, or active. It is possible to enable a disabled channel. A channel must be enabled before it can be activated.
Note: Before enabling a channel, contact your Customer Success Manager at Perception Point to make sure that the channel is included in your current Perception Point X-Ray license. If you do not have permission to enable a channel, contact your Customer Success Manager at Perception Point. |
To enable a channel:
In Perception Point X-Ray, in the left navigation menu, select Account > Channels.
In the Additional Channels section, on the bottom of the Channels page, click Edit [
].
Note: If the Edit button does not appear, you may not have permission to enable a channel. Contact your Customer Success Manager at Perception Point. |
Locate the channel that you want to enable, and the click Enable, located on the right side. The channel will be moved from the Additional Channels section to the Enabled Channels section.
Activating a channel
Each channel can be in one of the following statuses: disabled, enabled, or active. You can activate an enabled channel. When the activation procedure is complete, the channel will be active. Each channel that is active is protected by Perception Point X-Ray.
To activate a channel:
In Perception Point X-Ray, in the left navigation menu, select Account > Channels.
In the Enabled Channels section, at the top of the Channels page, locate the channel that you want to activate, and click Activate.
This will start the activation procedure. Each channel has its own unique activation procedure. For details about the activation procedure for a specific channel, see the dedicated page in this Documentation Center.
Note: If the Activate button doesn't appear, you may not have permission to enable a channel. Contact your Customer Success Manager at Perception Point. |
Deactivating a channel
Each channel can be one of the following statuses: disabled, enabled, or active. It is possible to deactivate an active channel. After you deactivate a channel, it will no longer be protected by Perception Point X-Ray.
To deactivate a channel:
In Perception Point X-Ray, in the left navigation menu, select Account > Channels.
In the Enabled Channels section, at the top of the Channels page, locate the Active channel that you want to deactivate, and click Deactivate.
Deactivating Advanced Browser Security
When you deactivate Advanced Browser Security, all extension-side functionality will be inactive. This includes:
Website/file malware detection will be in disabled mode.
Website rules will not take effect.
Anti-tampering will not operate.
Upload auditing will not operate.
There will be limited Advanced Browser Security console functionality:
Users can be added and removed.
Policy assignments stay as-is.
Policy objects can't be changed.
Extension activity can be viewed.
Protected Email Assets
This page includes:
About protected email assets 31
Protected email assets - Inline domains 32
Protected email assets - Microsoft 365 API integrations 33
Adding a new domain 36
Troubleshooting domain verification 41
About protected email assets
The Protected Email Assets page lets you view and manage the email-related assets in your organization that are protected by Perception Point X-Ray.
To open the Protected Email Assets page:
In Perception Point X-Ray, in the left navigation menu, select Account > Protected Email Assets.
The Protected Email Assets page is available to admin users with a "Cyber Analyst" [or higher] role. |
Protected email assets - Inline domains
The Protected Email Assets > Inline Domains section shows all the domains that have been defined for any of the following integrations:
Microsoft 365 - Inline
Google Workspace
Microsoft Exchange
"Other" integrations
If you select a parent organization in the Perception Point X-Ray banner, then the Protected Email Assets page shows all the inline domains in all the child organizations.
If you select a child organization in the Perception Point X-Ray banner, then the Protected Email Assets page shows the inline domains in the selected child organization only.
For each domain, you can see the verification status of the domain - that is, whether the domain is already verified, or if verification is still pending. This information is displayed for both the primary and the secondary records.
Note: [Microsoft 365 Inline integrations only] If you have configured the integration to protect specified domains, groups, or users, information about the groups and users is not shown on this page. |
For details on how to add a domain to an existing Microsoft 365 Inline integration, see "Adding a new domain" on page 36.
You can delete a domain that is not yet verified. If the domain is already verified, then contact Perception Point Support [support@perception-point.io] for assistance in deleting the domain.
Protected email assets - Microsoft 365 API integrations
"About protected email assets - Microsoft 365 API integrations" on page 33 "Full protection vs Partial protection" on page 34 "Editing the protected assets [this functionality is not yet available]" on page 35 "Asset details" on page 35 |
About protected email assets - Microsoft 365 API integrations
The Protected Email Assets page shows information about the email-related assets that are protected by Microsoft 365 API integrations. You can also perform some editing functions on this page, as described below.
The protected assets can include:
Domains
Groups
Users
Note: Email assets that are protected by a Microsoft API integration are shown only for child organizations - the protected assets are not shown when a parent organization is selected in the Perception Point X-Ray banner. |
Full protection vs Partial protection
For Microsoft API integrations, you can use the Protected Email Assets page to choose which email assets to protect - either the full Microsoft 365 account, or only specified assets inside the account.
Protect the Entire MS365 Account
Protects all the users inside all the domains in the organization's Microsoft 365 account, including existing assets and future assets [that is, domains that are added to the organizations Microsoft 365 account in the future will be automatically protected].
Note: When the "protect all" option is selected, you won't be able to select a domain, and then disable or delete the domain. To delete or disable a domain, first change the organization protection to "Protect selected email assets only" |
Protect Selected Email Assets
Protects only the specified domains, groups, and users.
Switching between the two protection coverage modes
Switching from "Protect Selected Email Assets" to "Protect the Entire MS365 Account":
All the currently selected email assets remain protected, and protection is extended to cover all email assets in the organization's Microsoft 365 account - including both existing assets and assets that are added in the future.
Switching from "Protect the Entire MS365 Account" to "Protect Selected Email Assets":
Maintains protection of the domains that are already protected. However, domains that are added in the future will not be automatically protected.
Note: After you switch between the protection coverage modes, due to technical limitations, you won't be able to switch the coverage mode again for one hour. The toggle controls affect Microsoft 365 API assets only - the controls do not affect Microsoft 365 Inline assets. |
Editing the protected assets [this functionality is not yet available]
If your are protecting just a specified set of assets [and not the entire Microsoft 365 account], then you can modify some of the protected assets, as shown below:
Enabling, disabling, and deleting assets | You can use the functionality on the Protected Email Assets page to enable, disable, or delete any of the protected assets. The available controls are found on the right of each protected asset. |
Adding assets | To add a domain, group, or user, click "Configure Email Protection" in the top-right corner. This will open the configuration wizard. For details, see Adding domains, groups, and users. |
Asset details
The following information is shown in the Protected Email Assets page for Microsoft 365 API integrations:
Status: Indicates if the protection for the asset [domain, group, or user] is Active, Disabled, or Empty.
Connection scope: Indicates which email communication types are included in the protection: Inbound, outbound, Internal
Connected Email Addresses: Shows the number of email addresses that are protected by Perception Point X-Ray - inside the domain.
Email Addresses: Shows the number of email addresses that are protected by Perception Point X-Ray - inside the group.
Domains | Shows all the Microsoft 365 API domains that have been added for the organization. You can't add a domain using the functionality on this page. To add a domain to an existing integration, you'll need to perform the entire on-boarding process - see Onboarding Microsoft 365 [API]. | |
Groups | Shows all the groups that were individually specified, that are currently available to be protected by Perception Point X-Ray.
 You can't add a group using the functionality on this page. To add a group to an existing integration, you'll need to re-perform the entire on-boarding process - see Onboarding Microsoft 365 [API]. | |
Users | Shows all the users that were individually specified, that are currently available to be protected by Perception Point X-Ray.
You can't add a user using the functionality on this page. To add a user to an existing integration, you'll need to re-perform the entire on-boarding process - see Onboarding Microsoft 365 [API]. |
Adding a new domain
This page includes:
About adding a new domain
You can add a new domain either as part of a new integration or as part of an existing integration:
Part of a new integration: The required procedures are the same as those that must be performed when you on-board a new integration. For details, see:
Google Workspace | Connecting Google Workspace |
Microsoft 365 - Inline | Step 1 - Onboarding Microsoft 365 [Inline] |
Microsoft 365 - API | Onboarding Microsoft 365 [API] |
Microsoft Exchange | Connecting Microsoft Exchange |
"Other" email services | Connecting "other" email services |
Part of an existing integration: You can add a domain to an existing Microsoft 365 Inline integration or to an existing Google Workspace integration. The required procedures are shown below.
Note: You can't add a domain to any of the following existing integrations: Microsoft 365 API Microsoft Exchange "Other" In all of the above scenarios, to add a domain to an existing integration, it is necessary to re-perform the full on-boarding procedure. See the table above for details. |
Adding a domain to an existing Microsoft 365 Inline integration
To add a domain to an existing Microsoft 365 Inline integration:
In Perception Point X-Ray, click on the Add Services icon [
] on the right side of the Perception Point X-Ray banner.
The Add a New Service dialog box opens.
Make sure that Email Service > Microsoft 365 is selected.
Make sure that Connection Method > Inline is selected.
Click Next. The Connect New Service dialog box opens.
In the Host box, enter the name of the new domain - for example, acme.com
Click FIND SMTP to the right of the domain name.
This should populate the SMTP Servers field. This is the address to which mail will be sent after it has been scanned and marked as being clean.
The required SMTP server is a server in your domain - as it appears in the MX record. Important: Do not enter a value such as smtp.office365.com or outlook.office365.com or smtp.gmail.com. Checking your SMTP server manually You can perform the lookup procedure below to check that the SMTP server that appears is correct:  In Domain Name, enter your domain name - and then click MX Lookup. Your required SMTP server will appear under Hostname.  |
[Optional] Click Add Domain - if more than 1 domain is required - and enter the required details.
Licenses: By default, Perception Point X-Ray will protect all email users in the domains that you specified above. To protect only a limited number of users, contact Perception Point Support.
Click Next.
The "Add TXT Records" dialog box opens. This dialog box includes the TXT record names and TXT record values, that you'll need in order to add and verify the TXT records for your domain - in the next step.
Continue with "Verifying your domains" on page 63. |
Adding a domain to an existing Google Workspace integration
To add a domain to an existing Google Workspace integration:
In Perception Point X-Ray, click on the Add Services icon [
] on the right side of the Perception Point X-Ray banner.
Click "Add a new Email Service". The Add a New Service dialog box opens.
Make sure that Email Service > Google Workspace is selected.
Click Next.
Continue with "Verifying your domains" on page 63. |
Troubleshooting domain verification
About troubleshooting domain verification
When you add a TXT record to your domain provider, it may take up to 72 hours for the domain provider to apply and replicate the change. If your domain verification status is still Pending after 72 hours - and can't be verified, try the following:
Check if the TXT record appears as a public record - using MXToolbox - at: https://mxtoolbox.com/TXTLookup.aspx
In MXToolbox, enter the domain name, such as _amazonses.acme.com, and click TXT Lookup.
If the txt record is not found, in your domain provider, check if the record includes a duplicated domain name.
For example, _amazonses[.]acme.com.acme.com
If duplicated, modify the TXT record name to just _amazonses [without the domain name] and save the changes in your domain provider.
If the txt record is found, in MXToolbox, verify that the TXT record name and the TXT record value match the record details in Perception Point.
When the values are correct, perform the procedure to verify your domain.
Organizations
This page includes:
About organizations 42
Organization hierarchy 42
Admin user permissions 43
Propagating settings from a parent organization to child organizations 43
Selecting an organization in Perception Point X-Ray 44
Organization setup - Best practices 44
Organization types 45
Understanding the Organizations page 45
Adding an organization 48
Modifying an existing organization 54
Multi-region 55
About organizations
The Organizations page enables you to manage the organizations in your Perception Point X-Ray deployment.
To open the Organizations page:
In Perception Point X-Ray, in the left navigation menu, select Account > Organizations.
Any admin user with the "Admin" role [or higher] can access the Organizations page. |
Organization hierarchy
Organizations may be in a structured hierarchy. Typically, there is a single parent organization and a number of child organizations. Organizations can't have more than these 2 levels. That is, a child organization can't be the parent of another child organization.
Typically, the parent organization is used to manage and monitor the child organizations.
Scanning should not be performed in parent organizations - scanning should be configured to occur in child organizations only.
Admin user permissions
A person who is an admin in the parent organization will be able to access all the child organizations - even though the admin is not registered in the child organizations. This applies only when the parent is an MSSP-type organization. Admin users in all other organizations-types can access their organization only - and not any child organizations in which they are not registered. An admin user in a child organization can access that child organization only.
Propagating settings from a parent organization to child organizations
In most cases, configurations that are set in a parent organization are NOT applied [propagated] to the child organizations. However, when any of the following are configured in a parent organization, the configurations are applied to the child organizations as well:
Configuration | For more information... |
Allow lists | "Allow lists" on page 67 |
Block lists | "Block lists" on page 86 |
Disclaimers | "Disclaimers" on page 16 |
VIP users | "VIP users" on page 12 |
Custom logos | "Customizing Perception Point X-Ray" on page 104 |
When a setting is propagated from a parent organization to a child organization, and the child organization has the same setting - but set to a different value - the setting in the child organization takes precedence.
Selecting an organization in Perception Point X-Ray
If you are an admin that has access to a parent organization and the associated child organizations, then you'll be able to select which organization to display in Perception Point X-Ray. Use the drop-down on the left side of the Perception Point X-Ray banner to select the required organization. All information displayed in Perception Point X-Ray will relate to the selected organization.
Child organizations are shown slightly indented [
]:
If you are an admin in a child organization only, then you won't be able to select an organization in Perception Point X-Ray - Perception Point X-Ray will always be associated with your single child organization.
Organization setup - Best practices
When you give a name to the parent organization, try to include a word similar to "Parent" or "Main" in the organization name. This will make it easier to identify the parent organization. For example, you could give a name such as:
Acme.com [Parent] |
or
Acme.com [Main] |
For any organization, only a single type of email service integration [Microsoft 365, Google Workspace, or "other"] can be enabled at any time.
In addition, for incoming Microsoft 365 email integrations, either Inline or API can be configured - not both of them simultaneously.
Organization types
The Organization type defines the view/edit permissions of admin users in the organization - in Perception Point X-Ray. Some organization types are applicable to parent organizations only, and some organization types are applicable to child organizations only.
Parent organization types
[These organizations may have child organizations]
MSSP:
Default child type: MSSP customer
Reseller:
Default child type: Indirect Customer
Distributor:
Default child type: Indirect Customer
Multi-organization: For direct organizations that have child-organizations for different business units, channels etc.
Default child type: Indirect Customer
Child organization types
[These organizations can't have child organizations]
Direct customer: Has no parent organization and no child organizations.
MSSP customer:
Indirect customer:
The child organization types that are available for a specific organization depends on the organization type of the parent organization.
Understanding the Organizations page
The Organizations page shows a table with details about your organizations in Perception Point X-Ray.
If you select a parent organization, then the Organizations page shows all the organizations that you have access to - the parent organization and all the child organizations.
To locate the parent organization, look for an organization that has "NFR" as the Contract type.
If you select a child organization, then the Organizations page shows only that child organization.
Use the available controls to filter the organizations that are displayed.
The Organizations table includes the following information:
Active | [  ] The organization is protected by Perception Point X-Ray. [  ] The organization is not protected by Perception Point X-Ray. | |
Risk Rating | The level of risk-rating that is applied to scans that are performed in the organization. Low: Medium: High: | |
Organization ID | The ID of the organization. This ID is generated by Perception Point X-Ray when the organization is created. This ID is never changed after an organization is added. | |
Name | The name of the organization.
| |
Parent | The name of the parent organization. | |
Children | The number of child organizations below this organization. | |
Contract | The type of contract associated with the organization: POC: This is a child organization. Free: This is a child organization. Commercial: This is a child organization. NFR: This is a parent organization. | |
Billed users | The number of billed users in this organization. | |
Recipients |
| |
Protection | Possible options: Follow URL: Species if URL links in emails should be clicked when the email is scanned. When URLs are followed: Exclude high reputation domains: Do not follow links that are included in high-reputation domains. Excluding high-reputation domains reduces the scanning time. Exclude unsubscribe links: Do not click on unsubscribe links. This prevents unintended un-subscriptions from being performed during scans. Block malicious: Shows which scan verdicts will be quarantined. Appears as Inactive if no scan verdicts are quarantined. | |
Channels | Shows which channels in the organization are enabled. For details about enabled channels, see "Channels" on page 23. Note: A channel is protected only if it is enabled and then activated. |
Adding an organization
If you are an admin user in a parent organization, you can add child organizations to the parent organization.
To add an organization
In Perception Point X-Ray, in the left navigation menu, select Account > Organizations.
Click Add. The first page of the Add Organization wizard opens.
For details on the available options, see "Preferences" on page 98.
General
Page 1 | ||
General - Info | ||
Organization name | The name of the organization.Note: After creating an organization, you can't modify the organization name - the organization name can be changed by Perception Point Support only. Contact Perception Point Support for assistance. | |
Parent organization [This option may not be visible to all admin users] | The parent organization of the current organization. The available options are the parent-type organizations in which you are a registered admin user. Leave this field blank if the current organization is a parent organization - and therefore doesn't have a parent organization. | |
Environment | The AWS environment in which the data for your organization is stored in Perception Point X-Ray. You'll need to know the environment when you perform certain procedures during an integration of Perception Point X-Ray with another application, such as when you add the Perception Point X-Ray IPs to an allow list.
| |
Risk rating [This option may not be visible to all admin users] | The level of risk-taking associated with the organization: Low: Medium: High: | |
Allow Multi-Region | Enables the Perception Point X-Ray multi-region functionality that helps to avoid data loss in the case of an AWS SES [Simple Email Service] outage - by enabling the transfer of emails between the AWS US and EU regions. For details, see "Multi-region" on page 55. | |
Escalation contacts | The email address or addresses to which emails will be sent by Perception Point X-Ray in case of an emergency, such as account takeovers and email delivery issues. The escalation contacts enable prompt resolution of urgent incidents. Providing an active 24/7 escalation contact address enables quick response to critical situations - minimizing disruptions, and ensuring the security and reliability of your account and emails. Specifying escalation contacts is mandatory for all new organizations - and when you edit an existing organization. A group email address is recommended. | |
General - License  | ||
Status | Active: When not selected, the organization will not be protected by Perception Point X-Ray. Inactive: If an organization has the status Inactive, and you want to make it active, contact Perception Point Support [support@perception-point.io]. Only Perception Point X-Ray can perform this procedure. | |
Organization type [This option may not be visible to all admin users] | The Organization type defines the view/edit permissions: Organization types that may have child-organizations: MSSP: Reseller: Distributor: Multi-organization: For direct organizations that have child-organizations for different business units, channels etc… Organization types that can't have child-organizations: Direct customer: MSSP customer: Indirect customer: | |
Contract type [This option may not be visible to all admin users] | POC: Proof-of-Concept Free: Commercial: NFR: It will reduce license number by 15, if license source is integration. (if we do billing according to number of licenses we get from MS or google) If number source is manual (reported or purchased), then we do not reduce, as we assume CS will take it into account anyway. | |
Email reported seats | The number of seats that your organization will be billed for if the License source [see below] is set to Email reported seats. | |
Email purchased seats | The number of seats that your organization will be billed for if the License source [see below] is set to Email purchased seats. | |
License source | The source of the value for Active licenses: The options are: Integration, or the specific integration [Microsoft 365 or Google Workspace]: The source of the number of seats to bill is the integration. The number is retrieved through the integration. Reported seats: This option is for companies that report their number of seats, and don't have direct contract with Perception Point. This option is mainly for Acronis organizations and MSSP children. Select License source <Reported seats> and add a number. From that time, the specified number will be used as the license number for billing purposes. Purchased seats: This option is for companies that have a direct contract (PO) with Perception Point, and is mainly for direct customers. Customer Service can select License source <Reported seats> and add a number. From that time, the specified number will be used as the license number for billing purposes. The source for the number of seats that will be billed. Integration: The source of the number of seats to bill is the integration. The number is retrieved through the integration. Reported seats: The source of the number of seats to bill is the "Email reported seats" setting above. Purchased seats: The source of the number of seats to bill is the "Email purchased seats" setting above. | |
Use organization for demo purposes | A demo organization has pre-defined demo scan data copied into the organization - and new scans can't be added. In addition, it is not possible to filter scans by date, and dates are blurred. Only admin users with the Admin role can convert an organization into a demo organization. Organizations that already have scans or domains can't be converted into demo organizations. | |
General - Privacy | ||
Incident response service | Basic: Advanced: Limited: None: | |
Expose level | Public: Limited: Internal: | |
Delete clean scan files immediately | By default, emails that are assigned a clean verdict are maintained for 48 hours in Perception Point X-Ray. After 48 hours, the associated .eml file is deleted. For details, see Verdicts. Select this option to delete the .eml files as soon as a clean verdict is assigned to an email - without waiting 48 hours. | |
Page 2 | ||
Channels | ||
| Lets you specify which channels are enabled in the organization. For information about the Channels section, see "Channels" on page 23. | |
Page 3 | ||
Detection | ||
| For information about the Detection section, see Detection and Quarantine. | |
Reports | ||
| For information about the Reports section, see Printing reports. | |
Alerts | ||
| For information about the Alerts section, see "Alerts" on page 111. | |
Modifying an existing organization
You may be required to modify an existing organization. You can modify only a sub-set of the information that is included in each organization.
To modify an existing organization:
In Perception Point X-Ray, in the left navigation menu, select Account > Organizations.
Locate the organization that you want to modify, and then click the Edit icon [
] on the right side.
For details on the available options, see "Preferences" on page 98.
Multi-region
This page includes:
About multi-region
The multi-region functionality helps to avoid data loss in the case of an AWS SES [Simple Email Service] outage - by enabling the transfer of emails between the AWS US and EU regions. If multi-region is enabled, when an AWS SES outage occurs, emails will be transferred from the primary region [US East or Europe] to a secondary region [US West], until the primary AWS region is again up and running.
Note: Since the secondary server is located in the US, and not in the EU, the multi-region functionality is not GDPR compliant. |
Enabling multi-region functionality
Multi-region functionality can be enabled for any organization - either an existing organization or a new organization.
Licensing: There are no additional licensing requirements for enabling the multi-region functionality. |
To enable multi-region functionality for an existing organization:
In Perception Point X-Ray, in the left navigation menu, select Account > Preferences.
Under General, click Edit, select Allow Multi-region, and then click Save.
Click the Email Domains tab.
Locate the required domain, and then add the secondary TXT record into your domain provider.
To enable multi-region functionality for a new organization:
When you create a new organization, select "Allow Multi-Region" in the first step of the organization creation wizard.
TXT record requirements
When you enable the multi-region functionality, you'll need to add an additional TXT record for the secondary region - for each existing domain and each new domain.
Existing domains: In Perception Point X-Ray, in the left navigation menu, select Account > Email Domains. Locate the required domain, and then add another TXT record for the secondary region.
New domains: During the process of adding a new domain, you'll be required to add a TXT record for the primary region and another TXT record for the secondary region.
IP address requirements
When you enable the multi-region functionality - for all existing email service integrations - you'll need to add an additional IP address [52.12.169.124] to your inbound gateway. For details, see:
Step 3 - Configuring Google Workspace - 1 place
Step 3 - Configuring Microsoft 365 [Inline] - 3 places
Step 3 - Configuring Exchange- 2 places
Step 3 - Configuring "other" email systems - 1 place
You'll also need to change the host name [inbound mail connector] - typically called "Perception Point Scanner". For details, see the references above.
Disabling multi-region functionality
When you disable the multi-region functionality, you'll need to delete the additional IP address [52.12.169.124] from your inbound gateway. For details, see:
Step 3 - Configuring Google Workspace - 1 place
Step 3 - Configuring Microsoft 365 [Inline] - 3 places
Step 3 - Configuring Exchange- 2 places
Step 3 - Configuring "other" email systems - 1 place
You'll also need to change the host name [inbound mail connector] - typically called "Perception Point Scanner". For details, see the references above.
Multi-region applicability
The multi-region functionality does not apply to the following scenarios:
Microsoft 365 - with the Microsoft API connection method
Microsoft 365 - in journaling mode
Domains
IMPORTANT: The "Domains" page has been removed and replaced by the "Protected Email Assets" page. For details, see "Protected Email Assets" on page 31. |
This page includes:
About domains 57
Adding a new domain 57
Deleting a domain 63
Verifying your domains 63
About domains
You need a verified domain for each email service that you integrate with Perception Point. When you connect a new email service, a new domain is added to Perception Point. You can also add a new domain after connecting an email service. After the domain is added, you'll need to verify it.
Once created, a new domain will appear in the Domains page.
To show the Domains page: In Perception Point X-Ray, in the left navigation menu, select Account > Email Domains.
Permission: Any admin user with the "Controller" role [or higher] can access the Domains page. |
Adding a new domain
To add a new domain:
On the right of the Perception Point X-Ray banner, click the Add Services [
] icon.
Click Add New Domain - if this option appears.
Select the Organization - if this option appears.
Specify the Escalation Contacts. For details, see "Escalation contacts" on page 99.
Select the Email Service.
Select the Connection Method.
Open and then follow the appropriate drop-down below:
For Google Workspace integrations only Click ENABLE G-Suite APP You will be redirected to a page with instructions, and at the bottom, a place to enter an email address.  Keep this page open - you will return to this page later to complete this step, as described below. In Google Workspace: Go to your Google Workspace domain's Admin Console. Click Security > Access and data control > API controls. Scroll down to the Domain wide delegation section, and then select Manage Domain Wide Delegation. Click Add new. Under Client ID, enter 105845669529204264254 Add these scopes to the 0Auth scopes section: https://mail.google.com/ https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.group.readonly Click Authorize. In Perception Point X-Ray In Perception Point X-Ray, in the field with the text "Your Email", enter your admin email address. 
Click Submit. The next step in the wizard appears. | |
For Microsoft 365 integrations only Click ENABLE M365 APP You will be redirected to sign-in to your Microsoft account. Sign-in to your Microsoft account as a global admin.  Click Accept. The next step in the wizard appears.  | |
For "Exchange" and "Other" integrations only Click Next. The next step in the wizard appears. |
In the Host box, enter the name of the new domain - for example, acme.com
Click FIND SMTP to the right of the domain name.
This should populate the SMTP Servers field. This is the address to which mail will be sent after it has been scanned and marked as being clean.
The required SMTP server is a server in your domain - as it appears in the MX record. Important: Do not enter a value such as smtp.office365.com or outlook.office365.com or smtp.gmail.com. Checking your SMTP server manually You can perform the lookup procedure below to check that the SMTP server that appears is correct:  In Domain Name, enter your domain name - and then click MX Lookup. Your required SMTP server will appear under Hostname. |
[Optional] Click Add Domain - if more than 1 domain is required - and enter the required details.
Licenses: By default, Perception Point X-Ray will protect all email users in the domains that you specified above. To protect only a limited number of users, contact Perception Point Support.
Click Next.
The "Add TXT Records" dialog box opens. This dialog box includes the TXT record names and TXT record values, that you'll need in order to add and verify the TXT records for your domain - in the next step.
What's Next
You must now verify the new domain or domains that you added. For details, see "Verifying your domains" on page 63. |
Deleting a domain
If a domain has not been verified, an admin in Perception Point X-Ray can delete the domain. After a domain has been verified, an admin in Perception Point X-Ray can no longer delete that domain - only Perception Point Support can delete the domain. Contact Perception Point Support [support@perception-point.io] for assistance.
Important: Before you request Perception Point Support [support@perception-point.io] to delete a verified domain, make sure that you do the following:
|
Verifying your domains
This page includes:
About verifying your domains
You need one or more verified domains for each email service that you integrate with Perception Point. After you add a domain, you'll need to verify the domain. Verifying a domain includes:
Adding a TXT record to your domain provider
Verifying the TXT record
Adding a TXT record
Note: For each TXT record that you add, you will need the TXT record name and the TXT record value. If multi-region functionality is enabled, you will need to add TXT records for both the primary region and the secondary region. [see "Multi-region" on page 55] After adding a TXT record to your domain provider, don't remove the TXT record as long as you are connected to Perception Point X-Ray - as the TXT record allows Perception Point X-Ray to constantly authenticate with the DNS supplier. |
To add a TXT record:
Open Perception Point X-Ray.
In the left navigation menu, select Account > Email Domains.
Locate and then open the required domain.
Click Copy [
] to copy the "TXT record name" to the clipboard.
Go to your domain provider and add the TXT record name, using the value that you copied to the clipboard.
Click Copy [
] to copy the "TXT record value" to the clipboard.
Go to your domain provider and add the TXT record value, using the value that you copied to the clipboard.
Note Other AWS products may use this method of domain verification. This is OK, as it is acceptable to have more than one _amazonses.domain record, as long as the record values are different. |
Verifying the new TXT record
Note When you add a TXT record to your domain provider, it may take up to 72 hours for your domain provider to apply and replicate the change. Inform Perception Point Support [support@perception-point.io] if the domain is not verified after a few hours. |
To verify a new TXT record:
Open Perception Point X-Ray.
In the left navigation menu, select Account > Email Domains.
Locate and then open the required domain.
Locate "TXT record verification". It should have the "Pending" status.
Click Verify on the right of "TXT record verification".
The status should change from Pending to Verified.
Note: If multi-region functionality is enabled, you'll need to verify TXT records for both the primary region and the secondary region. [see "Multi-region" on page 55] |
If you are adding a domain to a new email integration: | If you are adding a domain to an existing email integration: | |
| You must now perform Step 3 to configure the email service. For details, see: | See "Completing the process for existing integrations" on page 66 below. |
| Step 3 - Configuring Google Workspace Step 3 - Configuring Microsoft 365 [Inline] Step 3 - Configuring Exchange Step 3 - Configuring "other" email systems |
|
Troubleshooting domain verification
When you add a TXT record to your domain provider, it may take up to 72 hours for the domain provider to apply and replicate the change. If your domain verification status is still Pending after 72 hours - and can't be verified, see "Troubleshooting domain verification" on page 41.
Completing the process for existing integrations
If you're adding a domain to an existing email integration, after you have validated the new domain you'll need to perform one of the procedures below.
Microsoft 365 - Inline
In the Exchange admin center, click Mail flow > Rules.
[Click here: https://admin.exchange.microsoft.com/#/transportrules]Select the Perception Point Redirect Rule.
Click Edit rule conditions.
Under Apply this rule if, select:
"The recipient" > domain is. Add the domain or domains that you have just verified.
Click Save to save the modified rule.
Google Chrome
Sign-in to the Google Admin console at admin.google.com.
Select Apps > Google Workspace > Gmail.
Scroll down to Compliance, and click it.
[or click here: https://admin.google.com/u/1/ac/apps/gmail/compliance]
Scroll down to Content Compliance.
Select the Perception Point Redirect Rule, and then click Edit.
In the Rules condition, scroll down and the click Show options.
Under C. Envelope filter > Only affect specific envelope recipients > Pattern match
Add the new domain, using a pipe symbol [|] to separate the domains [and without spaces between the domains], as follows:
Old_domain|New_domain |
Click Save.
Allow lists
This section includes:
About allow lists 68
Types of allow lists 68
Propagating allow lists from a parent organization to child organizations 70
Global allow lists 70
Bulk import of allow list entries 70
Configuring the "sender email address allow list" 72
Configuring the "recipient email address allow list" 76
Configuring the "sender IP allow list" 78
Configuring the "URL allow list" 81
Configuring the "hash allow list" 85
About allow lists
Allow lists help to reduce the number of false-positive [FP] scan verdicts. A false-positive verdict is when a malicious or spam verdict is assigned to a scan, but where the correct verdict is clean. Allow lists are typically implemented when some aspect of the email, file, or URL that is to be scanned, is trustworthy. For example, the email may be sent from an known and trusted email address, or from an IP address that can be trusted.
For most of the allow lists, you'll need to specify either that:
the spam scan engines will not be applied - and spam verdicts are therefore not possible,
or
that no scan is performed at all, and a clean verdict is applied.
Note: If the same item is included in both an allow list and a block list, the allow list will take precedence. |
Types of allow lists
You can configure various allow lists in Perception Point X-Ray:
Sender email address allow list: | When an email is received from an email address that is included in the "Sender email address allow list", then you can select to: not scan the email, and set the scan verdict to clean. or scan the email - without applying the spam scanning engines. A spam verdict is therefore not possible. |
Recipient email address allow list: | When an email is sent to an email address that is included in the "Recipient email address allow list", then you can select to: not scan the email, and set the scan verdict to clean. or scan the email - without applying the spam scanning engines. A spam verdict is therefore not possible. |
Sender IP allow list: | When an email is received from an IP address that is included in the "Sender IP allow list", then you can select to: not scan the email, and set the scan verdict to clean. or scan the email - without applying the spam scanning engines. A spam verdict is therefore not possible. |
URL allow list: | When a URL that is included in the "URL allow list" should possibly be scanned, then you can select to: not scan the URL, and set the scan verdict to clean. or scan the URL- without applying the spam scanning engines. A spam verdict is therefore not possible. |
Hash allow list: | When file should possibly be scanned, if the hash of the file is included the "hash allow list," then the file will not be scanned, and the scan verdict will be set to clean. |
The Allow List/Block List page is available to admin users with the "Cyber Analyst" role [or higher] only. |
Note It is possible to perform a bulk import of allow list entries. For details, contact Perception Point Support [support@perception-point.io]. |
For details about blocklists, see "Block lists" on page 86.
Propagating allow lists from a parent organization to child organizations
All allow list entries that are configured in a parent organization are applied to the child organizations as well.
Note: Allow list entries that are propagated from a parent organization are not visible in the child organizations. |
If you want to add an allow list entry to a specific child organization only, make sure to select that child organization when you configure the new allow list entry.
Global allow lists
Perception Point X-Ray maintains global allow lists - with entries that apply to all organizations. Entries in globally maintained allow lists do not appear in the allow lists of your organization. When you add an entry to an allow list, you'll know that the entry was added successfully only if you see a "successfully added" message, similar to the following:
If you add an entry, and a "successfully added" user notification doesn't appear, this may indicate that the entry is included in the globally maintained allow list. The entry that you tried to add therefore won't appear in the allow list for your organization.
Bulk import of allow list entries
It is possible to perform a bulk import of allow list entries. This import procedure can be performed by Perception Point Support only.
[See the "Suggested email template" on page 71 below]
When you request Perception Point Support [support@perception-point.io] to perform a bulk addition of allow list entries, you'll need to:
Specify the name of the organization in Perception Point X-Ray to which the allow-list entries will be added.
Specify to which allowlist to add the entries [such as Sender email address, Recipient email address, or Sender IP allow list]. Send a separate file for each allowlist.
Supply a simple list or a CSV file that includes the required information.
Note: For domains, don't include a wildcard character [*], a period [.], or an at sign [@] before the domain. For example, *acme.com and *.acme.com and @acme.com are not valid formats. Email addresses should be the email address only - without the sender name. |
Specify whether the "No review - always allow" or the "Review if Malicious (allow if spam)" option should be configured as the "verdict" in the allow list:
No review - always allow: No scan is performed at all, and a clean verdict is always applied.
or
Review if Malicious (allow if spam): The spam engines will not be applied during a scan - and spam verdicts are therefore not possible. The malicious engines are applied.
For "sender email address allow lists" - specify to disable SPF checks for the new entries. For details, see "Disable IP/SPF Check" on page 76 below.
Send the allow lists to: Perception Point Support [support@perception-point.io]
For security reasons, Perception Point Support may advise you to:
limit the number of entries that you request to be added to an allow list.
review the list because it contains problematic entries, such as domains that are often abused for credential phishing attacks and scams.
In addition to importing allow lists, Perception Point Support can also import block lists. If Perception Point Support will be importing an allow list and a block list for your organization, include the allow list and block list in separate files. For details about importing bulk block list entries, see "Bulk import of block list entries" on page 88.
Suggested email template
Subject: Bulk import of allow list entries |
Hi Perception Point Support Team Please add the attached allowlist entries, using the following settings: Organization name: Allow list: Verdict option: "No review - always allow" or "Review if Malicious (allow if spam)" SPF checks: Enable or Disable Please let us know when this has been done. Thank you |
For further details about bulk importing of allow list entries, contact Perception Point Support [support@perception-point.io].
Configuring the "sender email address allow list"
When an email is received from an email address that is included in the "Sender email address allow list", then you can select to:
not scan the email, and set the scan verdict to clean.
or
scan the email - without applying the spam scanning engines. A spam verdict is therefore not possible.
Follow the procedure below to allow-list sender email addresses and sender domains [such as acme.com].
Note: When an SPF check is performed, if the sender fails the SPF check, the email will not be allow-listed [even though it is on the allow list], and may be assigned a malicious or spam verdict. This is done to prevent possible spoofing attempts. For further details, see "Disable IP/SPF Check" on page 76 below. |
To add an entry to the "sender email address allow list":
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
Click Add Address on the right of "Sender Email Address Allow List".
Configure the required settings.
Organization | Select the organization to which the allow list applies.
| ||
Sender Email Address | Specify the email address of the sender. Emails from this sender email address will be allow-listed. You can also specify a domain, such as acme.com. All email addresses inside the domain will be included in the allow list. For example, if you specify acme.com: All sub-domains in the "acme.com" domain will be included in the list. This includes sub-domains such as legal.acme.com and drivers.acme.com Don't include a wildcard character [*], a period [.], or an at sign [@] before the domain. For example, *acme.com and *.acme.com and @acme.com are not valid formats. Domain names are not case-sensitive.
| ||
Verdict | Specify which scans will be performed on emails and URLs that satisfy this allow-list entry: No review - always allow: The email or URL will not be scanned, and the scan verdict will be set to clean. No links in the email will be clicked. Review if Malicious (allow if spam): The email or URL will be scanned: The spam scanning engines won't be applied. A spam verdict is therefore not possible. The malicious scanning engines will be applied. If the initial verdict is malicious, the scan will maintain its malicious verdict.
Note about restricted files Scans of emails that include restricted files [that is, attachments that are in the list of restricted file types or URLs that include references to files that are in the list of restricted file types] will be handled as follows, depending on the option that you select: No review - always allow: The scan will be set to clean. Review if Malicious (allow if spam): The scan will be set to restricted, malicious, or clean - but never spam. For details about restricted file types, see Restricted file types. | ||
Comment | Add an optional comment. | ||
Disable IP/SPF Check | When this option is selected, no IP/SPF checks will be performed for this email address - for the verdicts that are specified above [No review - always allow or Review if Malicious (allow if spam)]. Select this option when the sender has not set up an SPF record or the SPF record is broken or incorrectly configured.
See also: About SPF checks
|
Click Add Sender Email Address.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your allow list, this may indicate that the entry is included in the globally maintained allow list. For details, see "Global allow lists" on page 70. |
Configuring the "recipient email address allow list"
When an email is sent to an email address that is included in the "Recipient email address allow list", then you can select to:
not scan the email, and set the scan verdict to clean.
or
scan the email - without applying the spam scanning engines. A spam verdict is therefore not possible.
To add an entry to the "recipient email address allow list":
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
Click Add Address on the right of "Recipient Email Address Allow List".
Configure the required settings.
Organization | Select the organization to which the allow list applies.
| |
Recipient Email Address | Specify the email address of the recipient. Emails to this recipient will be allow-listed. If you need to include a wildcard character [*] in the definition of an allow list, contact Perception Point support for assistance. | |
Verdict | Specify which scans will be performed on emails and URLs that satisfy this allow-list entry: No review - always allow: The email or URL will not be scanned, and the scan verdict will be set to clean. No links in the email will be clicked. Review if Malicious (allow if spam): The email or URL will be scanned: The spam scanning engines won't be applied. A spam verdict is therefore not possible. The malicious scanning engines will be applied. If the initial verdict is malicious, the scan will maintain its malicious verdict.
Note about restricted files Scans of emails that include restricted files [that is, attachments that are in the list of restricted file types or URLs that include references to files that are in the list of restricted file types] will be handled as follows, depending on the option that you select: No review - always allow: The scan will be set to clean. Review if Malicious (allow if spam): The scan will be set to restricted, malicious, or clean - but never spam. For details about restricted file types, see Restricted file types. | |
Comment | Add an optional comment. |
Click Add Recipient Email Address.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your allow list, this may indicate that the entry is included in the globally maintained allow list. For details, see "Global allow lists" on page 70. |
Configuring the "sender IP allow list"
When an email is received from an IP address that is included in the "Sender IP allow list", then you can select to:
not scan the email, and set the scan verdict to clean.
or
scan the email - without applying the spam scanning engines. A spam verdict is therefore not possible.
To add an entry to the sender IP allow list:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
Click Add IP on the right of "Sender IP Allow List".
Configure the required settings.
Organization | Select the organization to which the allow list applies.
| |
Sender IP | Specify the IP address of the sender. Emails from this sender IP address will be allow-listed. If you need to include a wildcard character [*] in the definition of an allow list, contact Perception Point Support [support@perception-point.io] for assistance. By default, for security reasons, allow-listing a subnet [range] is not recommended. For possible implementation details, contact Perception Point Support [support@perception-point.io]. | |
Verdict | Specify which scans will be performed on emails and URLs that satisfy this allow-list entry: No review - always allow: The email or URL will not be scanned, and the scan verdict will be set to clean. No links in the email will be clicked. Review if Malicious (allow if spam): The email or URL will be scanned: The spam scanning engines won't be applied. A spam verdict is therefore not possible. The malicious scanning engines will be applied. If the initial verdict is malicious, the scan will maintain its malicious verdict.
Note about restricted files Scans of emails that include restricted files [that is, attachments that are in the list of restricted file types or URLs that include references to files that are in the list of restricted file types] will be handled as follows, depending on the option that you select: No review - always allow: The scan will be set to clean. Review if Malicious (allow if spam): The scan will be set to restricted, malicious, or clean - but never spam. For details about restricted file types, see Restricted file types. | |
Comment | Add an optional comment. |
Click Add Sender IP.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your allow list, this may indicate that the entry is included in the globally maintained allow list. For details, see "Global allow lists" on page 70. |
Configuring the "URL allow list"
By default, when Perception Point X-Ray scans an email, Perception Point X-Ray "clicks" each URL that is included in the email - and then scans the URL to check if the URL is safe. Although this is the desired behavior from a security perspective, it can result in various undesired scenarios, such as:
clicking one-time links - that are thereafter not available to the email recipients
clicking unsubscribe links
To prevent the above scenarios, you can include a list of URLs in the "URL allow list". Then, when any of these URLs is included in an email, you can configure Perception Point X-Ray to:
not scan the URL, and set the scan verdict to clean. The associated link is therefore not "clicked".
or
scan the URL - without applying the spam scanning engines. A spam verdict is therefore not possible. The associated link will be "clicked".
Alternatively, you can prevent Perception Point X-Ray from "clicking" every URL that is included in scanned emails. For details, see Detection. However, this option prevents Perception Point X-Ray from "clicking" every URL that is included in ALL scanned emails - which may not be ideal from a security perspective.
Note: "URL follow allow lists" have been deprecated. Existing "URL follow allow lists" will remain functional - but they can't be viewed or edited. For assistance with existing URL follow allow lists, contact Perception Point Support [support@perception-point.io]. The deprecated "URL follow allow list" functionality is replaced by "URL allow lists." |
To add an entry to the "URL allow list":
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
Click Add URL on the right of "URL Allow List".
Configure the required settings.
Organization | Select the organization to which the allow list applies.
| ||
URL | Specify the URL of sites that will be allow-listed. Use Method below to define how the URL string should be applied. | ||
Method | Specify how the URL string defined above should be applied to determine which URLs to allow-list: Starts with: A URL will be allow-listed if the URL starts with the URL string specified above. In: A URL will be allow-listed if the URL includes the complete URL string specified above.
Domain ends with: A URL will be allow-listed if the URL ends with the URL string specified above. Wildcard: An asterisk [*] included in the URL string above acts as a wildcard - representing any set of characters. If Wildcard is not selected, then an asterisk in the URL acts as an asterisk, and not as a wildcard. If Wildcard is selected, but no asterisk [*] is specified in the URL string above, then each URL will be evaluated as if the "Exact" method has been selected.
Exact: A URL will be allow-listed if the URL is the exact URL string specified above. | ||
Verdict | Specify which scans will be performed on emails and URLs that satisfy this allow-list entry: No review - always allow: The email or URL will not be scanned, and the scan verdict will be set to clean. No links in the email will be clicked. Review if Malicious (allow if spam): The email or URL will be scanned: The spam scanning engines won't be applied. A spam verdict is therefore not possible. The malicious scanning engines will be applied. If the initial verdict is malicious, the scan will maintain its malicious verdict.
Note about restricted files Scans of emails that include restricted files [that is, attachments that are in the list of restricted file types or URLs that include references to files that are in the list of restricted file types] will be handled as follows, depending on the option that you select: No review - always allow: The scan will be set to clean. Review if Malicious (allow if spam): The scan will be set to restricted, malicious, or clean - but never spam. For details about restricted file types, see Restricted file types. | ||
Apply to all channels | Select "Apply to all channels" so that the allow list will apply to scans that originate from any channel. - or - Clear "Apply to all channels" and then select the channels to which the allow list will apply. | ||
Comment | Add an optional comment. |
Click Add URL.
Note: If you don't see a "successfully added" user notification, and if the URL that you tried to add doesn't appear in your URL allow list, this may indicate that the URL is included in the globally maintained URL allow list. For details, see "Global allow lists" on page 70. |
Configuring the "hash allow list"
When a file should possibly be scanned, if the hash of the file is included in the "hash allow list," then the file won't be scanned, and the scan verdict will be set to clean.
To add an entry to the hash allow list:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
Click Add Hash on the right of "Hash Allow List".
Configure the required settings.
Organization | Select the organization to which the allow list applies.
| |
SHA256 | Specify the hash value. Any file with this hash value will not be scanned, and the scan verdict will be set to clean. | |
Comment | Add an optional comment. |
Click Add SHA256.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your allow list, this may indicate that the entry is included in the globally maintained allow list. For details, see "Global allow lists" on page 70. |
Block lists
This page includes:
About block lists 86
Types of block lists 86
Global block lists 87
Propagating block lists from a parent organization to child organizations 88
Bulk import of block list entries 88
Configuring the "sender email address block list" 89
Configuring the "sender IP block list" 92
Configuring the "URL block list" 93
Configuring the "hash block list" 96
About block lists
Block lists help to reduce the number of false-negative scan verdicts. If an email scan or a URL scan is initially assigned a clean verdict, you can use a block list to define that the scan verdict should be changed to malicious or spam - if the email or URL meets specified requirements.
Note: If the same item is included in both an allow list and a block list, the allow list will take precedence. |
Types of block lists
You can configure various block lists in Perception Point X-Ray:
Sender email address block list | When an email is scanned, and the scan verdict is clean, if the email is sent from an email address that is included in the "Sender email address block list", then the scan verdict will be set to malicious or spam. |
Sender IP block list | When an email is scanned, and the scan verdict is clean, if the email is sent from an IP address that is on the "Sender IP block list", then the scan verdict will be set to malicious or spam. |
URL block list | When a URL is scanned, and the scan verdict is clean, if the URL is included in the URL block list, then the scan verdict will be set to malicious or spam. |
Hash block list | When a file should possibly be scanned, if the SHA-256 hash of the file is included in the "hash block list," then the file won't be scanned, and the scan verdict will be set to malicious. |
When you define an entry in each of the block lists above, you define if the scan verdict should be changed to malicious or spam.
The Allow List/Block List page is available to admin users with the "Cyber Analyst" role [or higher]. |
Note: It is possible to perform a bulk import of block list entries. For details, see "Bulk import of block list entries" on page 88 below, or contact Perception Point Support [support@perception-point.io]. |
For details about allow lists, see "Allow lists" on page 67.
Global block lists
Perception Point X-Ray maintains global block lists - with entries that apply to all organizations. Entries in globally maintained block lists do not appear in the block lists of your organization - these global entries are visible internally to Perception Point only.
When you add an entry to a block list, you'll know that the entry was added successfully only if you see a "successfully added" message, similar to the following:
If you add an entry, and a "successfully added" user notification doesn't appear, this may indicate that the entry is included in the globally maintained block list. The entry that you tried to add therefore won't appear in the block list for your organization. For further details, contact Perception Point Support [support@perception-point.io].
Propagating block lists from a parent organization to child organizations
All blocklist entries that are configured in a parent organization are applied to the child organizations as well.
Note: Block list entries that are propagated from a parent organization are not visible in the child organizations. |
If you want to add a block list entry to a specific child organization only, make sure to select that child organization when you configure the new block list entry.
Bulk import of block list entries
It is possible to perform a bulk import of block list entries. This import procedure can be performed by Perception Point Support only.
[See the "Suggested email template" on page 89 below]
When you request Perception Point Support to perform a bulk addition of block list entries, you'll need to:
Specify the name of the organization in Perception Point X-Ray to which the block-list entries will be added.
Specify to which block list to add the entries [such as Sender email address, Sender IP, or URL block list]. Send a separate file for each block list.
Supply a simple list or a CSV file that includes the required information.
Note: For domains, don't include a wildcard character [*], a period [.], or an at sign [@] before the domain. For example, *acme.com and *.acme.com and @acme.com are not valid formats. Email addresses should be the email address only - without the sender name. |
Specify the verdict that will be applied to scans that are blocked due to the block list, either Malicious or Spam.
Send the block lists to: Perception Point Support [support@perception-point.io]
In addition to importing block lists, Perception Point Support can also import allow lists. If Perception Point Support will be importing an allow list and a block list for your organization, include the allow lists and block lists in separate files. For details about importing bulk allow list entries, see "Bulk import of allow list entries" on page 70.
Suggested email template
Subject: Bulk import of blocklist entries |
Hi Perception Point Support Team Please add the attached blocklist entries, using the following settings: Organization name: Blocklist: Verdict option: Malicious or Spam Please let us know when this has been done. Thank you |
For further details about bulk importing of block list entries, contact Perception Point Support [support@perception-point.io].
Configuring the "sender email address block list"
Follow the procedure below to block-list sender email addresses and sender domains [such as acme.com]. When you block-list a domain, all email addresses inside the domain will be included in the block list.
To add an entry to the "sender email address block list":
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
On the right of "Sender Email Address Block List", click Add Address.
Configure the required settings.
Organization | If this option appears, select the organization to which the block list applies.
| |
Sender Email Address | Specify the email address of the sender. Emails that originate from this email address will be block-listed. You can also specify a domain, such as acme.com. All email addresses inside the domain will be included in the block list. For example, if you specify acme.com: All sub-domains in the "acme.com" domain will be included in the list. This includes sub-domains such as legal.acme.com and drivers.acme.com Don't include a wildcard character [*], a period [.], or an at sign [@] before the domain. For example, *acme.com and *.acme.com and @acme.com are not valid formats. Domain names are not case-sensitive.
| |
Verdict | Select the verdict that will be applied to scans of emails that were sent from an email address that is included in the "Sender email address" [see above], either Malicious or Spam. For details on what happens to emails that are assigned a malicious or spam verdict, see Verdicts. | |
Comment | Add an optional comment. | |
Exclude email from the following | When an email is blocked due to this block list definition, then the email will be excluded from the following [as selected]: Admin alerts: For details, see "Alerts" on page 111. End user alerts: For details, see "Alerts" on page 111. Digest reports: For details, see Sending daily quarantine reports. |
Click Add Sender Email Address.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your block list, this may indicate that the entry is included in the globally maintained block list. For details, see "Global block lists" on page 87. |
Configuring the "sender IP block list"
To add an entry to the sender IP block list:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
On the right of "Sender IP Block List", click Add IP.
Configure the required settings.
Organization | If this option appears, select the organization to which the block list applies.
| |
Sender IP | Specify the IP address of the sender. Emails that originate from this IP address will be block-listed. By default, block-listing a subnet is not supported. For possible implementation details, contact Perception Point Support [support@perception-point.io]. | |
Verdict | Select the verdict that will be applied to scans of emails that were sent from the "Sender IP" [see above], either Malicious or Spam. For details on what happens to emails that have been assigned a malicious or spam verdict, see Verdicts. | |
Comment | Add an optional comment. | |
Exclude IP from the following | When an email is blocked due to this block list definition, then the email will be excluded from the following [as selected]: Admin alerts: For details, see "Alerts" on page 111. End user alerts: For details, see "Alerts" on page 111. Digest reports: For details, see Sending daily quarantine reports. |
Click Add Sender IP.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your block list, this may indicate that the entry is included in the globally maintained block list. For details, see "Global block lists" on page 87. |
Configuring the "URL block list"
The URL block list includes a list of URLs that are block-listed. The block list will apply to URLs that are included in any of the channels that are specified in the block list.
To add an entry to the "URL block list":
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
On the right of "URL Block List", click Add URL.
Configure the required settings.
Organization | If this option appears, select the organization to which the block list applies.
| ||
URL | Specify the URL of sites that will be block-listed. Use Method below to define how the URL string should be applied. | ||
Method | Specify how the URL string defined above should be applied to determine which URLs to block-list: Starts with: A URL will be block-listed if the URL starts with the URL string specified above. In: A URL will be block-listed if the URL includes the complete URL string specified above.
Domain ends with: A URL will be block-listed if the URL ends with the URL string specified above. Wildcard: An asterisk [*] included in the URL string above acts as a wildcard - representing any set of characters. If Wildcard is not selected, then an asterisk in the URL string acts as a single asterisk character, and not as a wildcard. If Wildcard is selected, but no asterisk [*] is specified in the URL string above, then each URL will be evaluated as if the " Exact" method has been selected.
Exact: A URL will be block-listed if the URL is the exact URL string specified above. | ||
Apply to all channels | Select "Apply to all channels" so that the block list will be applied to all channels. - or - Clear "Apply to all channels" and then select the channels that will be affected by the block list. | ||
Verdict | Select the verdict that will be applied to scans of URLs that are included in "Method" [see above], either Malicious or Spam. For details on what happens to emails that have been assigned a malicious or spam verdict, see Verdicts. | ||
Comment | Add an optional comment. | ||
Exclude url from the following | When an email is blocked due to this block list definition, then the email will be excluded from the following [as selected]: Admin alerts: For details, see "Alerts" on page 111. End user alerts: For details, see "Alerts" on page 111. Digest reports: For details, see Sending daily quarantine reports. |
Click Add URL.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your block list, this may indicate that the entry is included in the globally maintained block list. For details, see "Global block lists" on page 87. |
Configuring the "hash block list"
When a file should possibly be scanned, if the SHA-256 hash of the file is included in the "hash block list," then the file won't be scanned, and the scan verdict will be set to malicious.
Note: Only SHA-256 hashes are supported. MD-5 hashes and SHA-1 hashes are not supported. |
To add an entry to the hash block list:
In Perception Point X-Ray, in the left navigation menu, select Detection Setup > Allow List / Block List.
Click Add Hash on the right of "Hash Block List".
Configure the required settings.
Organization | If this option appears, select the organization to which the block list applies.
| |
SHA256 | Specify the SHA-256 hash value. Any file with this hash value will not be scanned, and the scan verdict will be set to malicious.
| |
Comment | Add an optional comment. |
Click Add SHA256.
Note: If you don't see a "successfully added" user notification, and if the entry that you tried to add doesn't appear in your block list, this may indicate that the entry is included in the globally maintained block list. For details, see "Global block lists" on page 87. |
Preferences
This page includes:
About the Preferences page 98
Preferences - General - Info 98
Preferences - General - License 99
Preferences - General - Privacy 102
Alerts & Reports 103
Customizations 103
Restricted File Types 103
Customizing Perception Point X-Ray 104
About the Preferences page
The Preferences page lets you specify various preferences for your organization.
To open the Preferences page:
In Perception Point X-Ray, in the left navigation menu, select Account > Preferences.
The Preferences page includes the following:
Preferences - General - Info
Organization name | The name of the organization.
| |
Parent organization [This option may not be visible to all admin users] | The parent organization. | |
Environment | The AWS environment in which the data for your organization is stored in Perception Point X-Ray. You'll need to know the environment when you perform certain procedures during an integration of Perception Point X-Ray with another application, such as when you add the Perception Point X-Ray IPs to an allow list.
| |
Risk rating [This option may not be visible to all admin users] | The level of risk-taking associated with the organization: Low: Medium: High: | |
Multi-region | Enables the Perception Point X-Ray multi-region functionality that helps to avoid data loss in the case of an AWS SES [Simple Email Service] outage - by enabling the transfer of emails between the AWS US and EU regions. For details, see "Multi-region" on page 55. | |
Escalation contacts | The email address or addresses to which emails will be sent by Perception Point X-Ray in case of an emergency, such as suspected account takeovers and email delivery issues. The escalation contacts enable prompt resolution of urgent incidents. Providing an active 24/7 escalation contact address enables quick response to critical situations - minimizing disruptions, and ensuring the security and reliability of your account and emails. Specifying escalation contacts is mandatory for all new organizations - and when you edit an existing organization. A group email address is recommended. |
Preferences - General - License
General - License  | ||
Status | Active: When selected, the organization may be protected by Perception Point X-Ray. Inactive: When not selected, the organization is not be protected by Perception Point X-Ray. Activating or deactivating an organization  Admin users in a parent organization [MSSP/Reseller/Distributor/Multilevel] can activate or deactivate only the child organizations - not the parent organization. Admin users in child organizations can't activate or deactivate the organizations. | |
Organization type [This option may not be visible to all admin users] | The Organization type defines the view/edit permissions of admin users in the organization - in Perception Point X-Ray: Organization types that may have children: MSSP: This organization is primarily used to manage all the child organizations. No channels [email integrations or other integrations] can be configured on these organizations. All integrations must be configured on child organizations. A child organization is created automatically when an MSSP organization is created. Reseller: Distributor: Multi-organization: For direct organizations that have children for different business units, channels etc. Organization types that can't have children: Direct customer: MSSP customer: Indirect customer: | |
Contract type [This option may not be visible to all admin users] | POC: Proof-of-Concept Free: Commercial: NFR: It will reduce license number by 15, if license source is integration. (if we do billing according to number of licenses we get from MS or google) If number source is manual (reported or purchased), then we do not reduce, as we assume CS will take it into account anyway. | |
Email reported seats | This option is typically for companies that report their number of seats, and don't have direct contract with Perception Point. This option is mainly for Acronis organizations and MSSP children. Select License source <Reported seats> and add a number. From that time, the specified number will be used as the license number for billing purposes. The number of seats that your organization will be billed for if the License source [see below] is set to Reported seats. | |
Email purchased seats | This option is for companies that have a direct contract (PO) with Perception Point, and is mainly for direct customers. Customer Service can select License source <Purchased seats> and add a number. From that time, the specified number will be used as the license number for billing purposes. The number of seats that your organization will be billed for if the License source [see below] is set to Purchased seats. This number is specified in the contract. | |
License source | The source for the number of seats that will be billed. Integration, or the specific integration [Microsoft 365 or Google Workspace]: The source of the number of seats to bill is the integration. The number is retrieved through the integration. Reported seats: The source of the number of seats to bill is the "Email reported seats" setting above. Purchased seats: The source of the number of seats to bill is the "Email purchased seats" setting above. Dispute: The source of the number of seats to bill is the "Dispute" setting above. | |
Partial protection approved [This option may not be visible to all admin users] | "Partial protection - Requested" indicates that the organization doesn't want to protect the entire account - but rather wants to protect only a subset of the email addresses in the organization account. "Partial protection - Not requested" indicates that the organization hasn't requested to protect only a subset of the email addresses in the organization account.
| |
Preferences - General - Privacy
General - Privacy | |
Incident response service | IR Monitoring Level Basic: The Perception Point IR Team can review PII that is included in any scan that is not clean - to be able to identify false positives. The Perception Point IR Team can also review any clean scan that the customer has requested to investigate. Advanced: The Perception Point IR Team can review PII of any scan to be able to identify false negatives and false positives. Limited: The Perception Point IR Team can review PII only of scans the customer has requested to investigate. None: The Perception Point IR Team can't review PII of any scan. |
Expose level | Public: Expose only to public data - most of organizations (default - 0.1) Limited: Customer is exposed to internal data. Internal: Customer is exposed to limited data. |
Delete clean scan files immediately | By default, emails that are assigned a clean verdict are maintained for 48 hours in Perception Point X-Ray. After 48 hours, the associated .eml file is deleted. For details, see Verdicts. Select this option to delete the .eml files as soon as a clean verdict is assigned to an email - without waiting 48 hours. |
Alerts & Reports
For more information, see "Alerts" on page 111 and Reports.
Customizations
Allows you to customize various aspects of the Perception Point X-Ray UI, as well as alerts and reports that are sent to end-users. For details, see "Customizing Perception Point X-Ray" on page 104.
Restricted File Types
For more information, see Restricted file types.
Customizing Perception Point X-Ray
IMPORTANT: Some of the functionality on this page may not yet be available. For details on availability, contact Perception Point Support [support@perception-point.io]. |
This page includes:
About customizing Perception Point X-Ray
You can customize various aspects of Perception Point X-Ray, including:
The logo that appears on the left of the banner of Perception Point X-Ray
The logo - and other settings - that appear in "malicious incident alert emails" that are sent to end-users
For details about alert emails, see "Alerts" on page 111.
The logo - and other settings - that appear in Digest reports
For details about Digest reports, see Digest reports.
The Customization section in the Preferences page lets you configure the customization settings for your organization. To open the Preferences page:
In Perception Point X-Ray, in the left navigation menu, select Account > Preferences.
Note: The customization settings affect only the selected organization. If the selected organization is a parent organization, the child organizations are not affected by these customization settings. The end user report customization settings affect only the end user "malicious incident alert emails" and Digest reports - the settings don't affect the weekly, monthly, domain, or Drive reports. |
Configuring the customization settings
To configure the customization settings:
In Perception Point X-Ray, in the left navigation menu, select Account > Preferences.
Scroll down to the Customization section towards the bottom of the page.
Click the Edit [
] icon.
Specify the required settings. For details, see "Customization settings" on page 106 below.
Customization settings
Use these settings to customize various aspects of Perception Point X-Ray.
Organization Logo  | ||||
Custom Logo | The custom logo replaces the "Perception Point X-Ray" logo in various places. You specify the places below. Replacing the default logo is done for white-labeling or branding purposes. Click Upload Image to upload the file that contains your organization logo. Your logo file must be in jpg, jpeg, or png format. The maximum size of your logo file is 200 KB. | |||
Display the logo in the following locations | Specify where the custom logo [uploaded above] will be displayed: Xray UI: Replaces the Perception Point X-Ray logo with your organization's logo - on the left side of the Perception Point X-Ray banner.  End-user alerts: Replaces the Perception Point logo with your organization's logo in alert emails that are sent to end-users. 
Digest reports: Replaces the Perception Point logo with your organization's logo at the top of Digest reports. For details on Digest reports, see Digest reports.
Periodic reports: Replaces the Perception Point logo with your organization's logo in the top-left corner of all Periodic reports. For details on Periodic reports, see Periodic reports.
| |||
Display different custom logo for Xray UI dark theme | Lets you upload a custom logo that will be displayed on the left side of the Perception Point X-Ray banner when the dark theme is used. For details on the dark theme, see "Selecting the display theme" on page 6. Your logo file must be in jpg, jpeg, or png format. The maximum size of your logo file is 200 KB. This option appears only if the custom logo is selected to be displayed in the "Xray UI" [see above]. | |||
End-user email alerts and reports 
| ||||
Sender display name | Replaces the default Sender display name in: "malicious incident alert emails" that are sent to end-users Digest reports By default, the Sender display name is "Perception Point" | |||
"Reply to" email address | Replaces the default Reply-to email address in: "malicious incident alert emails" that are sent to end-users Digest reports By default, the Reply-to email address is "support@perception-point.io" The specified Reply-to address will be the target address when users click "Reply" in a customized alert email or Digest report. | |||
"Contact us" email address | By default, "malicious incident alert emails" and Digest reports include the message below [without a "contact us" link at the end]:
If you specify a "Contact us" email address, then the above message is modified to include a "contact us" link:
When a user clicks "contact us", an email message will be opened, addressed to the specified "Contact us" email address. This simplifies the process of requesting quarantined emails to be released. | |||
Send test email | Sends a test "malicious incident alert email" - that incorporates all the custom settings above. This enables you to check that the customized "malicious incident alert emails" are correctly configured. You can specify one-or-more email addresses to which to send the test email. 
| |||
Time Zone | ||||
Organization time zone [This functionality may not yet be available] | By default, the times that appear in all alerts and reports - that are sent by email - are UTC times. If you select a time zone for your organization, all alerts and digest reports will be based on the selected time zone. The selected time zone will be applied to periodic reports in future releases.
| |||
Alerts
This page includes:
About alerts 111
Configuring alerts 112
Admin alerts and reports - Dialog box options 114
End-user alerts and reports - Dialog box options 116
Additional alert features 119
About alerts
You can configure Perception Point X-Ray to send an email alert each time:
a malicious incident occurs - that is, the scan of an email or of a file is assigned a malicious verdict
- or -
a case is added to the Cases page in Perception Point X-Ray
Malicious incidents
An alert email will be sent each time an email or a file is assigned a malicious scan verdict.
The alert email is sent immediately when the scan is assigned a malicious verdict.
The alert email can be sent to admin users, end users, or both. A similar email is sent to admin users and to end users. The admin version includes slightly more information, as well as a link to the scan in Perception Point X-Ray.
The alert email usually includes a screenshot preview of the original email - to help understand which email was blocked.
Note: If the email includes a suspected malicious QR code, a preview of the email may not be available in the alert email. This is to prevent users from mistakenly accessing the potentially malicious QR code in the preview. |
The alert email is sent irrespective of whether or not the email or file was quarantined.
Alert emails are sent to shared mailboxes as well as to ordinary main boxes.
Malicious emails: Alert emails are sent only when an email is scanned and then automatically assigned a malicious verdict by the system. If the verdict is changed to malicious manually by the Perception Point IR Team or by an admin user, then an alert email is not sent.
For details on how to customize alert emails, see "Customizing Perception Point X-Ray" on page 104.
Malicious cases
An alert email will be sent each time a case is added to the Cases page. The alert email is sent to the specified admin users only, not to end users. For details about cases, see Cases.
Note: You can also send Digest reports - that include a list of all emails and files that were assigned specified verdicts during the reporting period. For details, see Digest reports. By default, the times that appear in alerts are UTC times. You can specify a time zone for your organization, and then all alerts will be based on the specified time zone. For details, see "Time Zone" on page 110. |
The Alerts functionality is available to admin users with the "Administrator" role only. |
Configuring alerts
Alerts can be configured for admin users and for end-users.
To configure the alerts that will be sent:
In Perception Point X-Ray, in the left navigation menu, select Account > Preferences.
Scroll down to the Alerts and Reports section, and then click Edit [
].
Configure the required settings for admin users and end-users. See "Admin alerts and reports - Dialog box options" on page 114 below.
Click Save Changes.
Important: To ensure that the alert emails arrive in the recipient's Inbox [and are not classified as spam], add the following email address to an allowlist in your email service:
|
Admin alerts and reports - Dialog box options
Admin alerts and reports  | |
Alert via email on malicious incidents | When selected, an alert email will be sent each time an email or a file is assigned a malicious scan verdict. The alert email is sent irrespective of whether or not the email or file was quarantined. Recipients: Defines which admin users will be sent the alert emails that are enabled above: All admin users: The alert emails will be sent to all Perception Point X-Ray admin users in your organization [not to additional admin users in the parent organization]. Specific users: The alert emails will be sent to the specified admin-user email address or addresses. |
Alert via email on malicious cases | When selected, an alert email will be sent each time a case is added to the Cases page. For details about cases, see Cases. Recipients: Defines which admin users will be sent the alert emails that are enabled above: Same as escalation contacts: The alert emails will be sent to the escalation contacts. For details, see "Escalation contacts" on page 99. All admin users: The alert emails will be sent to all Perception Point X-Ray admin users in your organization [not to additional admin users in the parent organization]. Same as malicious incidents: The alert emails will be sent to the recipients that are defined [above] to receive alert emails about malicious incidents. Specific users: The alert emails will be sent to the specified admin-user email address or addresses. |
End-user alerts and reports - Dialog box options
End user alerts and reports | ||
Alert via email on malicious incidents | An alert email will be sent each time an email or a file is assigned a malicious scan verdict. The alert email is sent irrespective of whether or not the email or file was quarantined. The warning email will be sent to the intended recipient of the original email or to the owner of the file. The "warning" email will have the subject similar to "A malicious email has been detected and blocked"  If the recipient of the alert email thinks that the email or file is not malicious, the recipient can request their IT security team to investigate the scan - and to release the email or file from quarantine, if the email was quarantined. 
| |
Receive digested incidents report on selected verdicts | Specifies if Digest reports will be sent to end-users. For details, see Digest reports. | |
Additional alert features
In addition to the standard alert features described above, there are additional alert features that can be configured by Perception Point Support. For details about each of these features, listed below, contact Perception Point Support [support@perception-point.io].
Alerts can be sent to a dedicated Slack channel.
By default, email alerts are sent immediately on assigning the scan verdict. Perception Point X-Ray can be configured to send alerts only after the assigned verdict has been reviewed by the Perception Point IR Team.
Additional email alerts to admin users and end users can be configured.
Alerts can be sent when Perception Point X-Ray is set up in monitoring mode or non-blocking mode [i.e. when there is no quarantine].
Alerts can be sent when false positive scans or false negative scans are identified by the Perception Point IR Team.
Audit log
This page includes:
About the audit log 119
Showing the audit log 120
About the audit log
You can view the Perception Point X-Ray audit log. The audit log includes actions such as changing a verdict, previewing an email, and viewing a screenshot. The audit log lets you see what actions were performed by your admin users - and by the Perception Point IR Team - in Perception Point X-Ray, in your organization. Transparency is important to Perception Point. The audit log enhances transparency by enabling you to see every action that was performed on your data.
You can use the search feature in the audit log to show all the actions that were performed by a specific user.
Data in the audit log is maintained for 180 days.
The Audit Log page is available to admin users with the "Administrator" role only. |
Showing the audit log
To show an audit log:
In Perception Point X-Ray, in the left navigation menu, select Security Operations > Audit Log.
All actions that were performed in the last day will be shown.
Use the Date Range selector and the Search feature to change the list of displayed actions.
Service status
This section includes:
About the Perception Point service status page 120
Subscribing to status updates 121
About the Perception Point service status page
The Perception Point service status page lets you monitor the status of various Perception Point components, such as X-Ray, the API, email scanning, and collaboration scanning. The status page lets you see if each component is operational - in real-time. The incident history section of the status page shows a list of past incidents that have occurred.
Visit the status page if you are experiencing connectivity issues. The status page is located here: https://status.perception-point.io/
Subscribing to status updates
It is recommended that you subscribe to receive Perception Point status updates. These updates will inform you as soon as any operational service issues are detected. You can choose to receive the status updates by various methods, including by email, sms messages, and Slack.
To subscribe to status updates:
Click the Status Page link at the bottom of Perception Point X-Ray.
The Perception Point service status page opens.
Click "Subscribe to updates"
Select the method by which you want to receive updates, and then supply the required contact information.
Feature updates
This page includes:
About feature updates 123
Showing feature updates 123
Subscribing to feature updates 123
About feature updates
You can see a list of new features that have been added to Perception Point X-Ray.
Showing feature updates
To show the latest feature updates:
In the Perception Point X-Ray banner, click the Feature Updates icon [
].
You can also see a list of feature updates by looking at What's New.
Subscribing to feature updates
You can subscribe to receive the Perception Point X-Ray feature updates by email, as soon as they are posted by Perception Point.
To subscribe to the feature updates:
In the Perception Point X-Ray banner, click the Feature Updates icon [
].
Click "Get the latest posts to your inbox"
Enter your email address, and then click Subscribe.
Attachments (50)
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article