52595 – Improvements to Threat Explorer for better hunting experience (archived)

All environments, Microsoft Information Protection, O365

check before: 2019-06-30

Product:

Advanced Threat Protection - Azure (ATP), Advanced Threat Protection - Office 365, Enterprise Mobility + Security, Exchange, Information Protection, Microsoft 365 admin center, Microsoft Information Protection, Purview Information Protection

Platform:

World tenant

Status:

Launched

Change type:

Links:

Details:

We're making significant improvements to the Threat Explorer for better manual threat hunting experience. Based on common hunting scenarios and customer feedback, we're introducing following updates: 1. Clarity on delivery status of an email : Today in Explorer/ Real-time detections, we show the delivery status of an email which could be delivered, delivered to junk, blocked, replaced and removed by ZAP. The status doesn’t help paint a complete picture of where the email actually landed and where is it at a given point of time. We're going to split the existing delivery status into more accurate values and simpler relatable names to define it. Delivery status is renamed to “Delivery action” and “Delivery location” is another column which is added to indicate the location of an email. There might be events which occur post-delivery of an email, they are captured under the column “Special action”. All these values combined would help the admin understand what action(s) were taken on an email and the location of that email. 2. Timeline view for an email: Email timeline is a new feature underway to make hunting simpler for admins. In case of multiple events occurring on the same email, that would be shown in a timeline view so the admin won't have to hunt down at different places to understand the email events. 3. Ability for admins to view and download malicious emails for analysis: Email preview and download option will allow the admins to better analyze bad emails We'll be rolling out these features in the order above.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:
General Availability

Created:
2019-06-26

updated:
2020-01-14

the free basic plan is required to see all details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Get a Plan

Last updated 3 years ago ago

You must be logged in to post a comment.

Share to MS Teams

52595 – Improvements to Threat Explorer for better hunting experience (archived)

check before: 2019-06-30

Leave a Reply

cloudscout.one

Schierding.one GmbH

become an evergreen hero

Hey there! We've got some great news - our Basic Plus plan has everything you need to succeed, and it's completely free! So, don't hesitate - take advantage of this amazing opportunity today!

Welcome Back, We Missed You!