Email Analytics

Written By Marissa Fegan (Super Administrator)

Updated at August 6th, 2024

Email Analytics includes Link Click Analysis, Threat Explorer, Policy Explorer, and Reports.

Important

  • Link Click Analysis requires the Link Isolation add-on or the Advanced Threat Protection package
  • Threat Explorer requires the Attachment Sandboxing add-on or the Advanced Threat Protection package
  • Policy Explorer is only available for customers who subscribe to the Email Advanced Threat Protection (ATP) package
 

 

Select a topic below to learn more! 

Link Click Analysis

Link Click Analysis provides details relating to links within received emails that users in your organization clicked. This content explains the data presented in this view. 

Important

Link Click Analysis is only available for VIPRE Email Security Cloud customers with the Link Isolation add-on or the Advanced Threat Protection (ATP) package.

 

 

Threat Trend

The Threat Trend bar graph shows dates and times when users within your organization may have clicked potentially harmful links. You can filter the table by clicking on a specific point on the bar graph to show only that date/time based on the Time column.

Engines (TDE)

  • DeepLink - Items in the threat table labeled with DeepLink should be given special consideration as these could potentially indicate a new, unknown threat or a targeted attack
  • Standard - Items found with the Standard Threat Detection Engine are known to be malicious

You can filter the table by clicking on the desired engine (Standard or DeepLink) in the widget to show only that category. 

Categories

Links that are clicked are categorized in one of the following ways:

  • Malicious - Items categorized as Malicious are known malicious sites
  • Suspect - Items that have been identified as suspicious sites, possibly unknown threats
  • Spam - Items that have been identified as spam based on your configured policies

In cases of items marked as Malicious, Suspect, or Spam, you can select that line item for more details such as the affected URL, the user who clicked the link, their IP and browser version, as well as the sending email address and when the email was received. You can filter the table by clicking on the desired category (Malicious or Suspect) in the donut chart to show only that category.

Top Domains

A list of the top 5 domains with suspicious or known malicious URLs sent to emails within your organization. You can filter the table by clicking on the desired domain in the Top Domains list to show only that domain under the URL column.

Top Link Clickers

A list of the top 5 users who click suspicious or known malicious URLs within their email. You can filter the table by clicking on the desired user in the Top Link Clickers list to show only that user under the Link Clicker column. Clicking "See More" expands the list of Top Link Clickers in a drill down report.

Top User Groups

A list of the top 5 user groups who click suspicious or known malicious URLs within their email. You can filter the table by clicking on the desired user group in the Top User Groups list to show data specifically for that group. 

Top Senders

A list of the top 5 email addresses that send suspicious or known malicious URLs via email to your organization. You can filter the table by clicking on the desired email address in the Top Senders list to show only that address under the Sender column. Clicking "See More" expands the list of Top Senders in a drill down report.

 

Threat Explorer

Threat Explorer provides details about all types of threats within emails that users in your organization received. This content explains the data presented in this view. 

Important

Threat Explorer is only available for VIPRE Email Security Cloud customers who have the Attachment Sandboxing add-on or the Advanced Threat Protection (ATP) package.

 

 

You can choose date ranges by clicking on the dates in the top-right corner.

  
 

Threat Trend

The Threat Trend bar graph shows dates when potentially threatening mail was received within your organization. You can filter the table by clicking on a specific point on the bar graph to show only that date/time based on the Time column.

Engines

  • Sandbox - Attachment Sandboxing Add-on is required for this; indicates the percentage of potentially harmful attachments that were caught and quarantined
  • Virus Scanner - Indicates the percentage of emails with potential viruses caught and quarantined
  • Spam Scanner - Indicates the percentage of spam emails caught and quarantined

You can filter the table by clicking on the desired engine (Sandbox, Virus Scanner, or Spam Scanner) in the widget to show only that category. 

Categories

Emails that are received are categorized in one of the following ways:

  • Suspect - Items categorized as Suspect are suspicious but not confirmed threats
  • Malicious - Items categorized as Malicious are known threats
  • Spam - Items categorized as Spam are based on your configured policies
  • Bulk - Items categorized as Bulk are based on the bulk email filter and are generally “newsletter” type messages
  • Phishing - Items categorized as Phishing are based on the Spam scanner and your configured policies

In all cases, you can select that line item for more details such as the sending email address and when the email was received, and more. You can filter the table by clicking on the desired category in the donut chart to show only that category.

Top Attack Vectors

A list of the top 5 types of attacks sent via email. (For example, 29.74% EXE, 24.03% ZIP, 13.04% URL would indicate 29.74% of the attacks were in the form of an executable file, 24.03% were in the form of a .zip file, and 13.04% were in the form of a malicious link.) You can filter the table by clicking on the desired vector in the Top Attack Vectors list to show only that category.

Top Recipients

A list of the top 5 email addresses in your organization that receive suspicious or known malicious messages. You can filter the table by clicking on the desired email address in the Top Recipients list to show only that address under the Recipient column.

Click on “See More” to expand the list of Top Link Clickers.

Top User Groups

A  list of the top 5 user groups in your organization that receive suspicious or known malicious messages. You can filter by clicking on the desired group in the Top User Groups list to show data for that specific group.

Top Senders

A list of the top 5 email addresses that send suspicious or known malicious messages to your organization. You can filter the table by clicking on the desired email address in the Top Senders list to show only that address under the Sender column. 

Clicking "See More" expands the list of Top Senders in a drill-down report.

 

 

Policy Explorer

Policy Explorer provides details relating to traffic, received or sent, that has been stopped due to custom policy blocks. This content explains the data presented in this view. 

Important

Policy Explorer is only available for customers who subscribe to the Email Advanced Threat Protection (ATP) package. 

 

 


 

Threat Trend

The Threat Trend bar graph shows the dates when incoming or outgoing messages were blocked within your organization. You can filter the table by clicking on a specific point on the bar graph to show only that date/time based on the Time column.

Directions

You can filter the table by clicking on the desired message Direction (Inbound or Outbound) in the counters widget to show only that direction.
  • Inbound - Indicates the number of incoming messages blocked by a configured policy or deny list
  • Outbound - Indicates the number of outgoing messages blocked by a configured policy

 Reasons

Emails that are received are categorized in one of the following ways:

  • Deny List - Indicates the number of messages blocked by a deny list
  • Policy - Indicates the number of messages blocked by a policy

 You can filter the table by clicking on the desired Reason (Deny List or Policy) in the counters widget to show only that reason.

 Top Policies

A list of the top 5 policies applied. You can filter the table by clicking on the desired policy in the list widget to show only messages that are blocked by that policy. 

For Partners: This will also include an icon (see: screenshot example above in the red boxes) that indicates whether any of those top policies are Advanced Policies that you have created/enabled. 

Top Recipients

A list of the top 5 email addresses in your organization that receive blocked messages. You can filter the table by clicking on the desired email address in the list widget to show only that address under the Recipient column.

 Top User Groups

A list of the top 5 user groups in your organization that receive blocked messages or send messages that are blocked by your organization. You can filter the table by clicking on the desired user group in the list widget to show only the recipients that belong to that user group.

Top Senders

A list of the top 5 email addresses that send messages that are blocked by your organization. You can filter the table by clicking on the desired email address in the list widget to show only that address under the Sender column.

 
 

Reports

  • Top Link Clickers shows you the users who most often click suspicious or known malicious URLs within their email
  • Top Link Click Senders shows you the email addresses that send the most suspicious or known malicious URLs via email to your organization
  • Top Targeted Users shows you the email addresses in your organization that most often receive suspicious or known malicious messages
  • Top Threat Senders shows you the email addresses that send the most suspicious or known malicious messages to your organization