Several event types are on the "mailtrafficatpreport "Which are atp and which are eop capabilities?

Occasional Contributor

Which are atp capabilities?

 

Which are eop capabilities?

 

Email phish EventTypes:

  • Advanced phish filter (Indicates a message caught by the Office 365 machine learning model.)

  • Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)

  • Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.)

  • Domain impersonation* (Indicates a message impersonating a domain protected by an anti-phish policy.)

  • User impersonation* (Indicates a message impersonating a user protected by an anti-phish policy.)

  • Brand impersonation (Indicates a message caught by Office 365 phish filters as impersonating a known brand.)

  • General phish filter (Indicates a message caught by basic Office 365 phish protection.)

  • Malicious URL reputation (Indicates a message with a known malicious URL caught by Office 365 phish filters.)

  • Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)

Email malware EventTypes:

  • Anti-malware engine (Indicates a message caught by the Office 365 anti-malware engine.)

  • ATP safe attachments* (Indicates a message with a malicious attachment blocked by ATP.)

  • ATP safe links* (Indicates when a malicious link is blocked by ATP.)

  • ZAP (Indicates a message with malware detected and auto-purged after delivery.)

  • Office 365 file reputation (Indicates a message with a known malicious file blocked.)

  • Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)

0 Replies