Security Reports

    Delegated Admin Reports provides various reports related to security, allowing you to monitor the phishing attempts made against your department users and ensure take proactive steps to ensure each user's data is safe and secure.

    Transport Layer Security (TLS)

    Transport Layer Security (TLS) is an email encryption technique used to ensure data privacy and prevent security breaches that happen over the internet. TLS encrypts the communication between the server and the web applications to prevent hackers from getting unauthorized access to your sensitive data.

    TLS Reports

    TLS reports within Delegated Admin reports provide a comprehensive list of both successful connections and any connectivity challenges encountered by external servers when sending emails to your domain.

    Accessing TLS Reports

    You can access the TLS reports from Delegated Admin reports by following these steps:

    1. Log in to https://mailadmin.mgovcloud.in/ and click Reports on the left pane.The Admin Reports page opens in a new tab.
    2. Navigate to Security and select Strict TLS. 
    3. Select Security and navigate to TLS Reports.
    4. Select the desired date range from the drop-down. Below are the details available in the report :
      • Policy name 
      • Domain name  
      • Mail type 
      • Failed session count 
      • Successful session count 
    5. Click the filter option to filter the report based on your requirements.
    6. Use the Search option to quickly find the details by entering the domain / policy name.

    Login Reports

    The login reports section provides an overview of the following reports:

    Login activity Report 

    The Login Activity report provides comprehensive insights into user access within your system, such as who accessed the system, what actions were performed, when these actions occurred, and where the access originated from. This allows Administrators to track individual user activities and detect any suspicious or unauthorized access attempts. To view the Login activity reports, follow these steps:

    1. Log in to https://mailadmin.mgovcloud.in/ and click Reports on the left pane. 
    2. Navigate to Security and select Login activity.
    3. Below are the details available in the report :
      • Name/Email - Name and email address of the user.
      • Service name - Name of the service accessed by the user.
      • Device info - Displays information about the device used, such as Windows, Chrome, or Mac.
      • IP address - The IP address from which the login was performed.
      • Location - Displays the location from where the user has logged in.
      • Access type -  Specifies the type of access from which the login was performed.
    4. Click the Date filter to select the time period for which you want to see the report.
    5. Use the Search option to quickly find the details by entering the name/ email of the user.

    Failed login Report

    The Failed Login Reports display a detailed list of each failed login attempt made by the organization's users. This helps administrators safeguard the organization from potential security threats, enabling proactive measures to prevent data breaches and unauthorized access. To access Failed login reports:

    1. Log in to https://mailadmin.mgovcloud.in/ and click Reports on the left pane. 
    2. Navigate to Security and select Failed login report.
    3. Below are the details available in the report :
      • Name/Email - Name and email address of the user.
      • Login time - Displays the exact time and date of the login attempt.
      • Device info - Displays information about the device used, such as Windows, Chrome, or Mac.
      • IP address - The IP address from which the login was performed.
      • Failure reason -  Displays the reason why the login was marked as failed login.
      • Login URL - Displays the login url used during the login attempt. 
    4. Click the Date filter to select the time period for which you want to see the report.
    5. Use the Search option to quickly find the details by entering the name/ email of the user.

    Suspicious Login Report

    Based on a user's previous login behaviour, NICeMail alerts if there is any suspicious login activity. Delegated Administrators can view the list of suspicious login activities based on the selected duration. To view the suspicious logins, follow these steps:

    1. Log in to https://mailadmin.mgovcloud.in/ and click Reports on the left pane. 
    2. Navigate to Security and select Suspicious login.
    3. Select the desired date range from the drop-down. Below are the details available in the report :
      • Name/Email - Name and email address of the user.
      • Service name - Name of the service accessed by the user.
      • Device details - Displays information about the device used, such as Windows, Chrome, or Mac.
      • Client IP address - The IP address from which the login was performed.
      • Location - Displays the location from where the user has logged in.
      • Login source - Mentions the source of login (protocol types), such as POP, IMAP, WEB, SMTP_IN, and SMTP_OUT.
      • Reason - Displays the reason why the login was flagged as suspicious activity
    4. Click the Date filter to select the time period for which you want to see the report.
    5. Use the Search option to quickly find the details by entering the name/ email of the user.

    Session History

    The session history report displays the number of live sessions for the selected user. The report displays the Client IP address and Session start time. To view the session history of users, follow these steps:

    1. Log in to https://mailadmin.mgovcloud.in/ and click Reports on the left pane. 
    2. Navigate to Session history under the Security section. 
    3. Choose a user from the drop-down menu to view the corresponding session history. 
    4. The Session history page displays the information that follows:
      • Total -  Displays the total number of live sessions for the selected user.
      • Graphical chart - Displays the user's session history graphically.
      • Client IP address - Indicates the IP address from which the session commenced. 
      • Session start time - The timestamp when each session started.
    5. You can also expand or add a chart to the dashboard by clicking the respective icons from the right pane.

    Threat Activity

    Threat activity report lists the malicious activities targeted against your department users, which can end up as a threat to your department's data security. This report aids you to identify and understand cyberattack attempts and address them in a timely manner.

    The Threat activity report in Delegated Admin Reports is grouped into different categories based on the nature of the threat. The table given below provides an overview of each threat type:

    Threat typeDescription
    AnamolyThe unusual behaviours observed in the incoming and outgoing emails of a user are identified and displayed under Anamoly.
    Bulk spam markingUsers marking multiple emails as spam are displayed under Bulk spam marking.
    LoginsSuspicious login and failed login reports help you to keep track of user logins. If a user reports an account block issue, admins can check the Login report and take necessary actions (unblock) based on the user's request.
    Mail rejectionCertain email attachments can contain a virus. Mail rejection report provides a list of emails that get rejected due to a virus or blocked attachment.
    PhishingThe emails which are marked as Phishing fall under the Phishing threat activity report.
    Spam actionsSpam actions report gets generated whenever a user clicks on a URL/ downloads an attachment in a spam email or replies to a spam message. This allows you to educate users on a timely basis about the email security steps that each user should observe on a daily basis.
    Spam markingThe list of emails marked as spam by the users can be found under the Spam marking report category.
    Virus detectionWhen email attachments are scanned for viruses, a report gets generated for those emails which were marked as spam due to a virus found in the attachment. Such reports are grouped as Virus detection.

    Accessing Threat Activity Reports

    Follow these steps to view the threat activity reports:

    1. Log in to https://mailadmin.mgovcloud.in/ and click Reports on the left pane.
    2. Navigate to Security and select Threat Activity. The threat activity report appears with the following details:
      1. Threat type - Mentions the threat type. Refer to the table given above for details about each threat type.
      2. Description - Provides a brief description of the threat. For example, if a user marks an email as phishing, the description displays "Email was marked as phishing by the user username@domain.com".
      3. Details - Contents of the Details column differ based on the threat type. Some of the details are - From email address (spam marking), count of emails (anomaly), Location (login activity), etc.
      4. Time - Displays the date and time at which the threat was detected.
    3. Select the preset duration or a custom date range for which you want to view the report. 
    4. Use the Search bar and Filter options to narrow down the report based on your requirement.
    5. If required, click Filter on the top menu, hover over a threat and choose the sub-category from the available list:
      • User reported - As spam, As spam (bulk) and As phishing
      • Mail moved - As attachment in spam and As mail is spam
      • Spam actions - URL clicked, Attachment downloaded and User replied
      • Mail rejected - Virus attachment and Blocked attachment
      • Spam detected - Marked as spam
      • Anomaly - By incoming and By outgoing mail
      • Login - Suspicious login and Failed login
      • URL - Unsafe URL accessed and Phishing detected

    The threat activity report appears for the selected filter criteria.

    PREVIOUS

    UP NEXT