Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Requesting an investigation

            Modified on Sun, 1 Sep at 7:21 PM

            Requesting an investigation

            This page includes:

            About requesting an investigation

            An admin user can request that the Perception Point IR Team investigate the results of a scan. When you request an investigation of a scan, you can indicate that you think the verdict of the scan should be malicious, spam, or clean.

            There are generally two scenarios for requesting an investigation:

            • You can request an investigation of a scan that has been assigned a malicious or spam verdict, but that you think may be clean. The Perception Point IR Team will review the scan, and release the item from quarantine if it is indeed clean. When possible, an email will be moved to the end-user's Inbox.

            • You can request an investigation of a scan that has been assigned a clean verdict, but that you think may in fact be malicious or spam. The Perception Point IR Team will review the scan. If it is indeed malicious or spam, the Perception Point IR Team will adjust the scan verdict accordingly. In addition, the Perception Point IR Team may adjust the Perception Point detection engines to make sure that similar emails in the future will not be assigned a clean verdict.

            If the verdict is changed to malicious or spam, the email may be removed from the end-user's Inbox and quarantined, depending on your organization's quarantine policy.

            You can request an investigation for any scan - irrespective of its channel or verdict. You can request an investigation of a scan only when you display the details of the scan in the Scans-details page - not in the summary or preview views.

            When you request an investigation, the Perception Point IR Team will respond to your request by email. The email will be sent to the email address that is associated with the admin who made the request. You can also click Scan History in the Scans-details page to monitor the investigation process.

            For details on how to request assistance with an issue in Perception Point X-Ray - not related to a specific scan - see CHAPTER 6 - "Troubleshooting" on page 741.

            Any Perception Point X-Ray admin user with the "Administrator" role can request an investigation.

            How to request an IR investigation of a specific scan

            To request an IR investigation of a specific scan:

            1. In Perception Point X-Ray, in the left navigation menu, select Security Operations > Scans.

            2. Locate the scan, and then open the scan in the Scans-details page.

            3. Click Request Investigation.

            1. Select to investigate the email, file, or URL, or select the suggested verdict:

              1. Clean:

            [The check boxes below appear only for emails only that currently have a spam verdict]

            1. Allowlist against spam: Adds the sender's email address to the Sender Email Address allow list.

            2. Release similar emails: Changes the verdict of all similar emails that were received during the week before the scan - to Clean.

            Spam:

            [The check boxes below appear only for emails only that currently have a clean verdict]

            1. Blocklist sender's address: Adds the sender's email address to the Sender Email Address block list.

            2. Change all similar emails to spam: Changes the verdict of all similar emails that were received during the week before the scan - to Spam.

            Note: The if request is made more than 7 days after the scan was performed, then it may not be possible to change the verdicts of some emails because they may no longer exist.

            Malicious:

            1. Add a comment [this is compulsory].

            2. Click Send Request.

            Feedback on an investigation request

            After you request an investigation of a scan, the Perception Point IR Team will investigate the scan. The Perception Point IR Team will send their findings to your organization - by email. The email will be sent to the email address of the admin who made the request. You can also click Scan History in the Scans-details page to monitor the scan investigation process.

            CC'ing investigation requests and responses

            As described above, by default, responses to investigation requests are sent to the email address of the admin who made the request. It is possible to configure Perception Point X-Ray so that every investigation request and every resulting response is sent to an additional email address. This additional [CC] email address can be an admin's email address, or a dedicated address that is used for managing investigation requests. Adding a CC address enables more effective management of all investigation requests that are requested in your organization. The required configuration can be performed by Perception Point Support only. For assistance, contact Perception Point Support [support@perception-point.io].


            Reference

            https://docs.perception-point.io/WP/Content/PP/Request-investigation.htm

            Acronis: https://docs.perception-point.io/acronis/Content/PP/Request-investigation.htm

            Attachments (1)

            thumbnail

            att_1_for_26....png
            21.3 KB

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0