Response when a threat outbreak is detected

Target

This article is for customers who have implemented HENNGE Cloud Protection.

Purpose

This section describes administrators' response when HENNGE Cloud Protection detects a threat.

Caution

1. The content of this article is based on product specifications as of October 2021 and is subject to revision without advance notice.

Response when HENNGE Cloud Protection detects threats

1. Understanding the Threat

When HENNGE Cloud Protection detects a threat, customers can configure the system to notify them in one or both of the following ways:

・Display notification on the [Detections] section of the HENNGE Cloud Protection administrator screen (UI).
・Send email notifications to specific email addresses.

Administrators confirm the details of the detected threat by referring to the notification.

For how to open the [Detections] section of the HENNGE Cloud Protection administrator screen (UI), please refer to the article below:

Confirming the Details of the Quarantined Threats

Confirm on the Compromised Accounts

2. Dealing with Threats

2.1 Dealing with quarantined items

Customers can configure the system in advance to quarantine items when a file containing malware or a malicious URL is detected in Exchange Online.
If quarantine is configured, the administrator must review the details of the quarantined items and choose whether to delete them or release them (restore them to the original location).
(The system deletes the items automatically if they remain quarantined for a certain period.)

For how to delete or release quarantined items, please refer to the article below:

Management Procedures for Quarantined Items

2.2 Dealing with a compromised account

HENNGE Cloud Protection provides information about the potential abuse of customers' accounts when it detects that Microsoft 365 account information has been exposed to a third party. The information provided depends on the type of compromised information and the severity of the compromise (for example, whether only the email address of the account has been compromised, or the password as well).
Administrators need to take action on the account, such as changing the account password or suspending the account, based on the compromise status of the account.
(Perform these account operations in the Microsoft 365 administration center or on the HENNGE Access Control administration page (UI), because they cannot be performed in HENNGE Cloud Protection.)

3. Feedback about threats

If a file containing malware or a malicious URL is detected in Exchange Online, please submit the original file or URL to the service as a sample. We use the samples we receive to improve HENNGE Cloud Protection's detection accuracy.
In addition, if the system falsely detects a file or URL that is not a threat, please provide us with that information so that we can prevent similar false detections.
For how to submit the feedback, please refer to the article below:
