ZAP Result

Senior Member



When dealing with an email that was handled by the ZAP action, I came across this result "ZAP took no action due to user triage" and the final action taken being "None".

The email was originally delivered to Inbox and after nearly 12 hours, the ZAP action was taken. But I am not able to find explanation as to what this result of ZAP refers to, could anyone please provide a link for the documentation for this scenario or provide a brief explanation?


Thank You

1 Reply
best response confirmed by chadsung (Senior Member)
There isn't a definitive Microsoft item of documentation describing user triage (Google Search). My interpretation of the event is by the time ZAP acted, the user had already deleted the item. Remember that Threat Explorer does not show user actions. You can only infer them from manual and automated remediation results.