Digest reports

This page includes:

About Digest reports

You can configure Perception Point to send Digest reports. Digest reports include lists of incidents that were detected in your organization during the reporting period. You define which scan verdicts to include in the reports: malicious, restricted, and/or spam. You can also specify whether the Digest reports should include only incidents that were quarantined - or all incidents, even if they were not quarantined.

Digest reports are sent to end-users. Digest reports are "individualized" - each Digest report includes incidents that are associated with a specific email address [end-user] - which is the recipient of the Digest report. You specify the scan-verdicts to include in the reports, the frequency of the reports, and the recipients of the reports.

Note: By default, the times that appear in reports are UTC times. You can specify a time zone for your organization, and then all Digest reports and Periodic reports will be based on the specified time zone. For details, see Time Zone.

By default, when an end-user receives a Digest report, the end-user is not able to release an email from quarantine. Instead, the end-user should contact the IT security administrator, who will be able to investigate the scan and release the email from quarantine.

Note: It is possible to configure Perception Point X‑Ray so that end-users can change the verdict of a scan from Spam to Clean, and to thereby release their own Spam emails from quarantine. For details, see Allow end users to change Spam verdicts to Clean and release from quarantine below.

Note: If no incidents are included in a report during a reporting period for a specific end-user [that is, the report is empty], no report is sent to that end-user.

Configuring Digest reports

To configure sending of Digest reports:

  1. In Perception Point X‑Ray, in the left navigation menu, select Account > Preferences.

  2. Scroll down to the Alerts and Reports section, and then click the Edit icon [].

  3. Scroll down to the End User Alerts and Reports section.

    Receive digested incidents report on selected verdicts

    If one or more of the verdict types [malicious, restricted, and spam] is selected, Digest reports will be sent. The Digest reports include a list of the incidents that occurred since the previous Digest reports were generated. Only emails and files with the selected scan-verdicts are included in the reports.

    Note:

    • By default, if no emails or files are included in a Digest report during a reporting period [that is, the report is empty], then no report is sent.

    Included incidents

    • Quarantined only: Emails and files [with the selected scan verdicts] will be included in a Digest report only if the email or file was actually quarantined.

    • All incidents: Emails and files [with the selected scan verdicts] will be included in a Digest report - even if the email or file was not quarantined.

      Note: If you select to include all incidents in the Digest reports, the report may include a large quantity of emails that have been assigned a spam verdict.

    Selected verdicts

    Emails and files with the selected scan verdicts will be included in Digest reports.

    Note:

    If Included incidents > Quarantined only is selected above, then you can select only those scan verdicts that are configured to cause quarantine in your organization. For details, see Which verdicts cause quarantine

    Frequency

    Select how many times per day Digest reports will be sent [if they are not empty].

    • One report per day: Report is sent at: 00:00 UTC

    • Two reports per day: Reports are sent at: 00:00; 12:00 UTC

    • Four reports per day: Reports are sent at: 00:00; 06:00; 12:00; 18:00 UTC

    • Six reports per day: Reports are sent at: 00:00; 04:00; 08:00; 12:00; 16:00; 20:00 UTC

    Note: These times are fixed and can't be modified. The sending times will not be modified even if you set a custom time zone for reports. For details on custom time zones for reports, see Time Zone.

    Recipients

    Use the available controls to specify which end-users may receive Digest reports.

    Allow end users to change Spam verdicts to Clean and release from quarantine

     

    When this option is selected, Digest reports will include a "Release from quarantine" option for each entry in the report that has a Spam verdict. This enables end-users to release their own Spam emails from quarantine. When an end-user releases an email from quarantine, the verdict of the scan is changed from Spam to Clean.

    The "Release from quarantine" option will appear in Digest reports only if the organization is configured to quarantine emails with Spam verdicts. For details, see Which verdicts cause quarantine.

    Note: End-users are not able to release from quarantine any scans that have malicious verdicts.

    End-user experience: When an end-user clicks the "Release from quarantine" option, the user will be redirected to a web-page where the user can confirm or deny the release from quarantine.

    Note:

    • It is not possible to see a preview of the email before releasing the email from quarantine.

    • When an end-user releases an email from quarantine, the system will not "learn" this behavior, and in the future, similar emails may still be classified as Spam.

    • If you see the message "The email could not be released from quarantine for an unknown reason" - this may indicate that the email has already been released from quarantine. Contact Perception Point Support [support@perception-point.io] for details.

    • When an email is released from quarantine, the following arrival dates/times will be associated with the email:

      • Microsoft 365 Inline scanning: The date/time when the email was released. Users should be able to find the released emails near the top of their Inboxes.

      • Microsoft 365 API scanning: The date/time when the email was originally received. Users may therefore need to search in their Inboxes to locate the released emails.

  4. Click Save.

See also: