Manage office atp alerts like a boss

Posted by

Image by Gerhard G. from Pixabay

Let’s face it: Sometimes you get false positives in Office ATP phishing Email alerts. Either this is caused by the system or you may have scheduled a phishing simulation from a third party provider that cannot be properly whitelisted.

In such cases, you find yourself sitting in front of an infinite list of either investigation events:

or infront of a likewise infinite list of the associated alerts:

Both lists have one thing in common: filtering and modification of additional columns is very limited. In fact, both lists do not provide any valuable data in this overview. To get more information, you have to click an entry of one of those lists and then you might have to click even further only to find out, you don’t have to touch that alert, cause it is a false positive.

From a defender’s perspective, this is not…

View original post 188 more words

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s