Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

ZAP Result

Copper Contributor

Hi,

 

When dealing with an email that was handled by the ZAP action, I came across this result "ZAP took no action due to user triage" and the final action taken being "None".

The email was originally delivered to Inbox and after nearly 12 hours, the ZAP action was taken. But I am not able to find explanation as to what this result of ZAP refers to, could anyone please provide a link for the documentation for this scenario or provide a brief explanation?

 

Thank You

1 Reply
best response confirmed by chadsung (Copper Contributor)
Solution
There isn't a definitive Microsoft item of documentation describing user triage (Google Search). My interpretation of the event is by the time ZAP acted, the user had already deleted the item. Remember that Threat Explorer does not show user actions. You can only infer them from manual and automated remediation results.
1 best response

Accepted Solutions
best response confirmed by chadsung (Copper Contributor)
Solution
There isn't a definitive Microsoft item of documentation describing user triage (Google Search). My interpretation of the event is by the time ZAP acted, the user had already deleted the item. Remember that Threat Explorer does not show user actions. You can only infer them from manual and automated remediation results.

View solution in original post