Target
Customers who introduce HENNGE Cloud Protection are eligible.
Purpose
This article explains the procedures that administrators should take when threats are detected by HENNGE Cloud Protection.
Notes
1. The content of this article is based on the product information as of October 2021 and may be subject to change without notice.
Response when a threat is detected by HENNGE Cloud Protection
1. Understanding the threat
When HENNGE Cloud Protection detects a threat, administrators can choose to be notified of the threat through one or both of the following methods:
- Notification on the [Detection] menu screen of HENNGE Cloud Protection's Administration
- Email notification to specific email addresses
Administrators refer to this notification to review the details of the detected threat.
For information on how to check the [Detection] menu screen in HENNGE Cloud Protection's Administration, please refer to the following articles:
How to check the details of the detected threat
How to check for compromised account information
2. Dealing with the threat
2.1 Dealing with isolated items
If malware-containing files attached to Exchange Online items or harmful URLs are detected, you can set up in advance to isolate the relevant items.
If items are set to be isolated, administrators need to review the details of the isolated items and decide whether to delete them or release them (restore them to their original location).
(If items remain isolated for a certain period, they will be automatically deleted.)
For steps on how to delete or release isolated items, please refer to the following article:
2.2 Dealing with compromised accounts
If a leak of Microsoft 365 account information to a third party is detected, HENNGE Cloud Protection provides information on the severity of the compromised accounts based on the type of compromised information, as well as the possibility of those accounts still being misused. (Whether only the email address of the account has leaked, or if the password has also leaked, etc.)
Based on this information on the compromise status of the account, you need to take measures such as changing the account's password or suspending the account.
(Measures for compromised accounts cannot be taken from HENNGE Cloud Protection, so please take the necessary actions from the Microsoft 365 Administration screen or the HENNGE Access Control Administration screen as needed.)
How to check for compromised account information