Modules - Mail Explorer

Introduction

Mail Explorer allows you to view and search the emails Avanan viewed and processed on the protected email platforms.

It is a helpful dashboard for incident response. It provides a quick and easy way to search for emails that match specific criteria, examine them, and perform actions such as quarantine, create block-list, and allow-list rules.

Using Detection filter, you can filter the emails by Avanan or Microsoft detections.

Using Quarantine State filter, you can filter the emails by Avanan and Microsoft enforcement decisions, such as emails Microsoft decided to deliver to Inbox or Junk folder and quarantined by Avanan.

Also, using the And or Or operators in the Detection and Quarantine State filters, you can filter the emails based on the Microsoft and Avanan detections (Quarantined by Admin and Quarantined by Analyst) and enforcements.

Note - For Gmail, using Quarantine State filter, you can filter emails Delivered to Inbox/Delivered to Junk folder.

Example:

  • You need to view all the emails detected as Phishing by Avanan, but detected as Clean by Microsoft. To do that, use the Detection filter and select these options:
    • In Avanan, selectPhishing
    • Select the And operator
    • In Microsoft, select Clean.
  • You need to view all the quarantined emails. To do that, use the Quarantine State filter and select these options:
    • In Avanan, select Quarantined
    • Select the Or operator
    • In Microsoft, select Quarantined.
      Quarantine-State-filter

Using Direction filter, you can filter the emails by their direction (incoming, outgoing and internal emails).

Mail-Explorer

Searching for Emails

From Mail Explorer, you can filter and view emails based on a specific search criteria.

To filter emails:

  1. Under the Date Received field, select Last or Range and choose the relevant period.
  2. Enable the relevant checkboxes and enter the search criteria you want to include for the search query.

  3. Click Search.

Note - Whenever you perform a search operation in Mail Explorer, a log gets generated under Audit > System Logs.

Acting on Filtered Results

Restore quarantined emails

To restore the quarantined emails:

  1. Open Mail Explorer from the left navigation panel.
  2. Under Filters, define the criteria for filtering the emails and click Search.
  3. To restore emails from the search criteria, select the emails and click Restore selected emails under
    Actions.

Quarantine delivered emails

To quarantine the delivered emails:

  1. Open Mail Explorer from the left navigation panel.
  2. Under Filters, define the criteria for filtering the emails and click Search.
  3. To quarantine emails from the search criteria, select the emails and click Quarantine selected emails
    under Actions.

Creating Allow-List and Block-List Rule

Administrators can use the filters in Mail Explorer to create an Anti-Phishing Allow-List or Block-List.

The Anti-Phishing engine automatically marks all the emails matching these filters as clean for Allow-List or as Phishing for Block-List.

Notes:

  • The search criteria defined under the Date Received and Quarantine State fields do not apply to any rule.
  • Emails are scanned for malware and DLP even if they are in Anti-Phishing Allow-List.
To create an Allow-list rule that marks emails as clean that match the defined criteria, select the filters and click Create Allow-List Rule.
To create a Block-List rule that blocks emails that match the defined criteria, select the filters and click Create Block-List Rule.

Export Results to CSV

To export the search results to CSV:

  1. Open Mail Explorer from the left navigation panel.
  2. Under Filters, define the criteria for filtering the emails and click Search.
  3. Select the emails to export.
    • To export all the emails from the search results, under Actions, click Export to CSV.
      mail-explorer-export-to-csv
    • To export specific emails from the search results, select the emails and under Actions, click Export to CSV.
      Note - Only the selected emails will be exported.

Getting the Exported CSV File

  • If the export contains less than 500 emails, the CSV file gets downloaded immediately.
  • If the export contains more than 500 emails, the CSV file gets generated in the background. After the export is complete, the administrator that requested the export receives the CSV file through an email.

Notes:

  • You can see the export status under Audit > System Tasks.
  • The export action gets logged under Audit > System Logs.