Modules - Mail Explorer

Introduction

The Avanan Mail Explorer allows to view and search the emails that Avanan viewed and processed on protected email platforms. The Mail Explorer is a valuable tool for incident response, as it provides a quick and easy way to search for emails that match certain criteria, examine them and perform actions such as quarantine and create block-list and allow-list rules.

 

Benefits

  • View all the emails that were sent or received on a single screen.
  • Apply powerful filters to find relevant emails.
  • Bulk-quarantine emails that match the search criteria.
  • Easy access to block-list, easy population of fields based on currently examined email attributes.
  • Easy access to allow-list rules creation.

Use Cases

  • Incident response - find if an email is part of a campaign. Find similar emails - emails that include similar attributes such as same sender, subject, contain similar URLs in the body or similar attachments.
  • Bulk actions to quarantine emails that got into the mailboxes.
  • Quickly block future emails from the campaign based on campaign attributes.
  • Find emails that match search criteria, across all mailboxes.

 

Mail Explorer

 

Mail Explorer screen sections

Emails Grid

The email grids presents the following email attributes:

  • Received - the time the email was received
  • Quarantined - display quarantine state
  • Subject
  • Sender name - display name
  • Sender email
  • Recipients
  • Sender SMTP - IP Address of SMTP server
  • Client Sender IP - IP Address of the sender
  • Attachments hash - list of MD5 signature of the email attachments
  • Links - list of URLs that are included in email body

Filters

The filters section are divided into 2 sections: general filters and filters that are applicable to Block-list and Allow-list rules.

To use the applicable filters, first allow the filter by clicking the checkbox, and specify the search value.

When clicking on Block-list or Allow-list, buttons, the rule creation dialog will show, and the rule will be created based on the checked filters.

 

Actions

The following actions are available:

  • Quarantine selected emails: move the selected emails to quarantine.
  • Create Block-list: create a Block-list rule that would block future emails that match the defined criteria.
  • Create Allow-list: create an Allow-list rule that would release future emails that match the defined criteria to the inbox.