Views:

View the emails that are reported by your users, their analysis results, and the mitigation or remediation measures that you can take.

Cloud Email and Collaboration Protection provides you visibility into the emails that your users report as a spam, phishing, or not a risk through the add-in for Outlook or the warning banner in anomalous emails detected by predefined correlation rules in Correlated Intelligence. On the User-Reported Emails screen, you can get the volume and variety of the reported emails and view the details of each report email.
Cloud Email and Collaboration Protection automatically analyzes each reported email to decide whether it poses a threat or contains indicators that warrant further attention. Based on the analysis result and your configured settings in Email reporting, the system provides detailed insights and manual or automated security actions to mitigate similar treats already present in your environment and help prevent future risks.
If you have multiple organizations, select an organization to view data.
The following table details the options available on the User-Reported Emails screen.
Option
Description
View email reporting summary
  • Total reported emails and their approval status
  • Total emails reported as spam, phishing, or not a risk
  • Total emails with their analysis result
You can select a time range to view the data. Both the pie chart and the line chart are available.
View details on reported emails
Details about each reported email, including the reporting time, subject, reported type. In this section, you can perform the following operations on the reported emails:
  • Filter emails: Select the time range and then click an item in facets such as Approved status or Reported type. Specify the email subject, and press ENTER.
    You can also click the filter icon (filter_icon=GUID-8AF1810B-6950-4A79-A542-9261DDF25F39=en-us=.jpg) to add more criteria.
    If you expect that the emails reported by end users should be manually approved before sent to Trend Micro, enable email reporting approval. For details, see Email reporting.
  • Download emails: Select one or multiple emails and click Download.
  • Approve/reject reporting: Click the three dots at the end of each email item, and then select whether to allow sending a reported email to Trend Micro.
  • Add sender to Block List: Click the three dots at the end of each email item, and then select Add to Block List if you want to add the sender address of a reported email to the block list of Trend Vision One.
View analysis results
Whether a reported email is confirmed as phishing or spam after automatic analysis
  • View the analysis progress and result:
    • In progress: The analysis has not finished yet.
    • Completed - Phishing: The analysis is completed and the email is confirmed as phishing.
    • Completed - Spam: The analysis is completed and the email is confirmed as spam.
    • Completed - Flagged: The analysis is completed and the reported email is not confirmed as phishing or spam, but it contains indicators that warrant further attention.
    Note
    Note
    Currently, automatic analysis applies only to emails that are reported by your users as Phishing or Spam.
  • View analysis details: Click the reporting time under Reported or Manual mitigation required (if manual security actions is enabled under Email reporting) to open the analysis details screen. For details, see Analysis details on user-reported emails.
Apply security actions
Automated or manual security actions that Cloud Email and Collaboration Protection or you take on identified emails for threat mitigation, remediation, and prevention
Security actions are available only after automatic analysis is completed.
  • View whether security actions for mitigation have started or completed under Security actions.
    To view the progress on automated remediation and prevention, click the reporting time under Reported to open the analysis details screen.
  • Apply security actions: If manual security actions is enabled under Email reporting, click Manual mitigation required under Security actions to open the analysis details screen. You can apply mitigation actions to historical emails that are identified as posing similar threats or risks to the reported email. Additionally, you can take remediation and prevention actions by adding the most relevant object from the reported email, such as a sender or URL, to the appropriate monitored list managed by Correlated Intelligence.
For details, see Analysis details on user-reported emails.
Related information
Keywords: User-reported emails,Add-in for Outlook