Configuring Correlated Intelligence

Procedure

1. Select Correlated Intelligence.
2. Enable Correlated Intelligence.
3. Configure Action settings for emails detected as security risks.
   For details about the actions, see Actions Available for Different Services.
4. Turn on notification for Cloud Email and Collaboration Protection to send notification emails upon security risk detection.
5. Specify rules for detecting anomalies and select the action.
   • For details about the rules, see Viewing Correlation Rules and Detection Signals.
   • For details about the actions, see Actions Available for Different Services.
6. Turn on notification for Cloud Email and Collaboration Protection to send notification emails upon anomaly detection.
7. Configure Notification settings.

   Notify administrator	Specify the administrators to notify by selecting a recipient group or specifying individual recipients. You can click Manage recipient groups to edit the members in a group or add more groups. Specify message details to notify administrators that Cloud Email and Collaboration Protection detected a security risk and took action on an email message, attachment, or file. Set the notification threshold which limits the number of notification messages to send. Threshold settings include: Send consolidated notifications periodically: Cloud Email and Collaboration Protection sends an email message that consolidates all the notifications for a period of time. Specify the period of time by typing a number in the box and selecting hour(s) or day(s). Send consolidated notifications by occurrences: Cloud Email and Collaboration Protection sends an email message that consolidates notifications for a set number of filtering actions. Specify the number of virus/malware occurrences by typing a number in the box. Send individual notifications: Cloud Email and Collaboration Protection sends an email message notification every time Cloud Email and Collaboration Protection performs a filtering action.
   Notify User	Specify message details that notify recipients that Cloud Email and Collaboration Protection detected a security risk and took action on their email message or attachment.