Alerts

This page includes:

About alerts

You can configure Perception Point X‑Ray to send an email alert each time:

a malicious incident occurs - that is, the scan of an email or of a file is assigned a malicious verdict

- or -
a case is added to the Cases page in Perception Point X‑Ray

Malicious incidents

When enabled, an email alert will be sent each time an email or a file is assigned a malicious scan verdict.

The email alert is sent immediately when the scan is assigned a malicious verdict.
The email alert can be sent to admin users, end users, or both. A similar email is sent to admin users and to end users. The admin version includes slightly more information, as well as a link to the scan in Perception Point X‑Ray.

The email alert usually includes a screenshot preview of the original email - to help understand which email was blocked.

Note: If the email includes a suspected malicious QR code, a preview of the email may not be available in the email alert. This is to prevent users from mistakenly accessing the potentially malicious QR code in the preview.

The email alert is sent irrespective of whether or not the email or file was quarantined.
Email alerts are sent to shared mailboxes as well as to ordinary main boxes.
Malicious emails: Email alerts are sent only when an email is scanned and then automatically assigned a malicious verdict by the system. If the verdict is changed to malicious manually by the Perception Point IR Team or by an admin user, then an email alert is not sent.
Alerts are not sent in response to emails or files that are assigned a restricted or spam scan verdict.
For details on how to customize email alerts, see Customizing Perception Point X‑Ray.

Malicious cases

When enabled, an email alert will be sent each time a case is added to the Cases page. The email alert is sent to the specified admin users only, not to end users. For details about cases, see Cases.

Note: This setting affects auto alerts only. Manual alerts are sent whether or not this setting is enabled. Manual alerts are sent to the escalation contacts only. For details about types of alerts, see About Microsoft 365 - ATO detection .

Note:

You can also send Digest reports - that include a list of all emails and files that were assigned specified verdicts during the reporting period. For details, see Digest reports.
By default, the times that appear in alerts are UTC times. You can specify a time zone for your organization, and then all alerts will be based on the specified time zone. For details, see Time Zone.
Alerts that are set in a parent organization are not propagated to the child organization. You must configure the alerts in every child organization.

The Alerts functionality is available to admin users with the "Administrator" role only.

Configuring alerts

Alerts can be configured for admin users and for end-users.

To configure the alerts that will be sent:

In Perception Point X‑Ray, in the left navigation menu, select Account > Preferences.
Scroll down to the Alerts and Reports section, and then click Edit [].
Configure the required settings for admin users and end-users. See Admin alerts and reports - options below.
Click Save Changes.

Important: To ensure that the email alerts arrive in the recipient's Inbox [and are not classified as spam], add the following email address to an allowlist in your email service:

support@sg.perception-point.io

Admin alerts and reports - options

Admin alerts and reports
Alert via email on malicious incidents	When selected, an email alert will be sent each time an email or a file is assigned a malicious scan verdict. The email alert is sent irrespective of whether or not the email or file was quarantined. Recipients: Defines which admin users will be sent the email alerts that are enabled above: All admin users: The email alerts will be sent to all Perception Point X‑Ray admin users in your organization [not to additional admin users in the parent organization]. Specific users: The email alerts will be sent to the specified admin-user email address or addresses.
Alert via email on malicious cases	When selected, an email alert may be sent each time a case is added to the Cases page. For details about cases, see Cases. Severity: Defines for which severity of malicious cases alerts will be sent. This enables you to limit the number of alerts that are sent for suspected malicious cases. Recipients: Defines which admin users will be sent the email alerts that are defined above: Same as escalation contacts: The email alerts will be sent to the escalation contacts. For details, see Escalation contacts. All admin users: The email alerts will be sent to all Perception Point X‑Ray admin users in your organization [not to additional admin users in the parent organization]. Same as malicious incidents: The email alerts will be sent to the recipients that are defined [above] to receive email alerts about malicious incidents. Specific users: The email alerts will be sent to the specified admin-user email address or addresses.
Receive periodic reports	Frequency: Select which periodic reports will be sent to admin users. For details on periodic reports, see Reports. Recipients: Defines which admin users will be sent the periodic reports that are selected above.

End-user alerts and reports - options

End user alerts and reports

Alert via email on malicious incidents

An email alert will be sent each time an email or a file is assigned a malicious scan verdict.

The email alert is sent irrespective of whether or not the email or file was quarantined.

The "warning" email will be sent to the intended recipient of the original email or to the owner of the file. The "warning" email will have the subject similar to "A malicious email has been detected and blocked"

If the recipient of the email alert thinks that the email or file is not malicious, the recipient can request their IT security team to investigate the scan - and to release the email or file from quarantine, if the email was quarantined.

Note:

You can configure Perception Point X‑Ray so that end-users are able to release quarantined emails that have a Spam scan verdict. For details, see Configuring Digest reports.

End-users are not able to release from quarantine emails with Malicious scan verdicts. Instead, the end-user must request their IT security team to investigate the scan, and to release the email or file from quarantine - as described above. If necessary, the IT security team can request that the Perception Point IR Team investigate the scan. For details, see Requesting an investigation.
It is possible to customize the logo and the text in the email alert that is sent to end-users. For details, see Customizing Perception Point X‑Ray.
When this control is enabled, alerts will be sent to all end-users [when necessary] - it is not possible to exclude specific end-users from being sent alerts.

Receive digested incidents report on selected verdicts

Specifies if Digest reports will be sent to end-users. For details, see Digest reports.

Sending alerts to Slack

Perception Point X‑Ray can be configured to send alerts to a dedicated Slack channel. This is in addition to the alerts that are sent by email. The configuration is performed by Perception Point Support.

How do I do this

Create a dedicated Slack channel to which you want to receive alerts.
Send the webhook of the new Slack channel to Perception Point Support [support@perception-point.io].

Perception Point Support will perform the required configuration for you - and will inform you when the configuration is complete.

You can include the text template below in your email:

Subject: Sending alerts to our Slack channel
Hi Perception Point Support Team, Organization name: <Your org name> We would like Perception Point X‑Ray to send alerts to our dedicated Slack channel. The webhook of the dedicated Slack channel is: <webhook> Please can you perform the required configuration. [Internal Reference: 1164] Please let us know when this has been done. Thank you

Subject: Sending alerts to our Slack channel

Hi Perception Point Support Team,

Organization name: <Your org name>

We would like Perception Point X‑Ray to send alerts to our dedicated Slack channel.

The webhook of the dedicated Slack channel is: <webhook>

Please can you perform the required configuration.

[Internal Reference: 1164]

Please let us know when this has been done.

Thank you

Additional alert features

In addition to the standard alert features described above, there are additional alert features that can be configured by Perception Point Support. For details about each of these features, listed below, contact Perception Point Support [support@perception-point.io].

By default, email alerts are sent immediately on assigning the scan verdict. Perception Point X‑Ray can be configured to send alerts only after the assigned verdict has been reviewed by the Perception Point IR Team.
Additional email alerts to admin users and end users can be configured.
- Alerts can be sent when Perception Point X‑Ray is set up in monitoring mode or non-blocking mode [i.e. when there is no quarantine].
- Alerts can be sent when false positive scans or false negative scans are identified by the Perception Point IR Team.