Quarantine

The Quarantine page provides information of blocked and modified emails, including some basic metadata. Each entry is linked to an Event (See Events).

Search and Filtering Options

  • Search Bar: Search by Quarantine ID or email-related keywords.

  • Verdict Filter: Narrows down events by verdict (e.g., Malicious, Suspicious, Failure to Analyze, Encrypted Content).

  • Time Range: Narrows down events by time range.

  • Advanced Filters: Search and refine event results using multiple parameters such as

    • Verdict

    • Status

    • Quarantine reason

    • Message ID

    • Quarantine ID

    • Subject

    • SMTP Sender

    • From: address

    • Recipient

    • Policy Name

Quarantine List (Blocked & Sanitized Originals)

Each row in the list represents an email with the following details:

  • Quarantine ID: Unique identifier for the quarantined message.

  • Time of Event: When the email was detected and quarantined.

  • Policy: Indicates the Policy that applied for the the content.

  • Verdict: See Verdicts.

  • Details: Link to the related event for deeper investigation.

  • Delete & Release: Perform action on the quarantined entry. Actions can also be performed from the Actions Panel.

Viewing Details

Clicking the arrow next to a Quarantine ID expands detailed metadata about the quarantined email, including:

  • Item type: Type of content.

  • - View headers: View the email header for analysis.

  • Affected User: The user(s) affected by the event.

  • Sent at: Timestamp of when the email was sent.

  • Received at: Timestamp of when the email was received.

  • Message ID: Unique email message identifier.

  • Subject: The subject of the email.

  • Sender & Recipients: Sender's email address and SMTP server details.

  • From, To & Cc: Identify the sender and recipients listed in the email header.

  • Received from: Endpoint from where email was received.

  • Size: Email content size.

Actions

To the right of each quarantined email are action icons:

  • View Event: Opens the associated event for detailed threat analysis. See Viewing Event details.

  • Delete: Permanently removes the email from the system

  • Release: Delivers the email to the intended recipient if deemed safe

These actions can help administrators quickly manage threat resolution or allow legitimate emails that were flagged in error.