Quarantine a suspicious email message from all supported mailboxes protected by Cloud App Security using context menus on the Trend Vision One console.

This task is supported by the following services:
  • Cloud App Security

Procedure

  1. After identifying the suspicious email message, access the context or response menu and click Quarantine Message.
    The Quarantine Message Task screen appears.
  2. Confirm the targets of the response.
  3. Select the mailboxes that this task applies to.
    Important
    This task is only applicable on supported mailboxes protected by Cloud App Security.
    If the target message is not found in a supported mailbox protected by Cloud App Security or users have already deleted all instances of the message, you cannot create the task.
  4. Specify a Description for the response or event.
  5. Click Create.
    Trend Vision One creates the task and displays the current task status in Response Management.
  6. Monitor the task status.
    1. Open Response Management.
    2. (Optional) Locate the task using the Search field or by selecting Quarantine Message from the Action drop-down list.
    3. View the task status.
      • Pending approval (if applicable): The automated response task was created on the Workbench app and is waiting for approval.
      • Rejected (if applicable): The automated response task created on the Workbench app was rejected.
      • In progress: Trend Vision One sent the command and is waiting for a response.
      • Successful: The command was successfully executed.
      • Partially successful: One or more commands were unsuccessful.
      • Unsuccessful: An error or time-out occurred when attempting to send the command to the managing server, the agent is offline for more than 24 hours, or the command execution timed out.
      • Action taken by Cloud App Security: The email message has already been deleted or quarantined by Cloud App Security. Go to Cloud App Security to learn more.
    If you determine that a quarantined message is malicious, you can delete the message using context menus on the Trend Vision One console.
    After determining that a quarantined message is not malicious, you can restore the message by clicking Restore message on the task context menu.
    For more information, see Delete Message task.