Let’s face it: Sometimes you get false positives in Office ATP phishing Email alerts. Either this is caused by the system or you may have scheduled a phishing simulation from a third party provider that cannot be properly whitelisted.
In such cases, you find yourself sitting in front of an infinite list of either investigation events:
or infront of a likewise infinite list of the associated alerts:
Both lists have one thing in common: filtering and modification of additional columns is very limited. In fact, both lists do not provide any valuable data in this overview. To get more information, you have to click an entry of one of those lists and then you might have to click even further only to find out, you don’t have to touch that alert, cause it is a false positive.
From a defender’s perspective, this is not…
View original post 188 more words