Skip to content

Email Security Dashboard

The Email Security Dashboard lets you see email activities at a glance.

To open the dashboard, go to My Products > Email Protection > Dashboard.

The dashboard uses interactive reporting. When you change the time period or the email processing mode (Gateway, Mailflow, or both), all widgets update automatically.

If you have domains connected through Sophos Gateway and Sophos Mailflow, you see a separate panel for each connection type. The message categories remain the same across both panels.

Alerts

On the right of the dashboard, you see the alert indicator Alert indicator..

When you hover over the alert indicator, a tooltip shows the number of high, medium, and low severity alerts.

Click the alert indicator to open the Alerts page and see full details of all Sophos Email alerts.

On the Alerts page, alerts are automatically filtered to show only those related to Sophos Email. You can also take the following actions:

  • Group related alerts into a single entry.
  • Filter alerts by severity level.
  • Investigate and take action on alerts.
  • Change how frequently each type of alert is sent.

For more information about the Alerts page, see Alerts.

Statistics ribbons

You can click any entry in the Inbound Statistics and Outbound Statistics ribbons to see more details about the emails scanned and any potential threats identified during the selected time period.

You can also click an entry in Mailboxes Licensed to see more details about the licensed mailboxes in the License Usage Summary. See License Usage Summary.

Widgets

The widgets in the Email Security Dashboard provide a visual summary of email security information, including threats, encryption, user risk, and post-delivery actions.

Activity Summaries

The Inbound Activity Summary widget shows information about the message categories. The list reflects the order in which the scans take place.

  • Realtime blocked: Messages from blocked sending IP addresses.
  • Enterprise blocked: Messages sent from an address already added to the enterprise blocklist (Inbound Allow/Block).
  • Malware: Messages containing known malware.
  • Unscannable: Messages we couldn't scan for threats.
  • Intelix threat: Messages identified as threats by SophosLabs Intelix service.
  • URL/QR Code: Messages containing malicious URLs or QR codes linked to unsafe or criminal websites.
  • Impersonation: Messages that fail Impersonation Protection checks.
  • Spam: Messages containing known spam characteristics.
  • Bulk: Newsletters, mailing lists, and other forms of solicited email.
  • Authentication failure: Messages that fail authentication DMARC, SPF, or DKIM checks.
  • Data control: Messages that violate Data Control policies.
  • Legitimate: Messages classified as clean and then delivered.

The Outbound Activity Summary widget shows information about the message categories. The list reflects the order in which the scans take place.

  • Malware: Messages containing known malware.
  • Spam: Messages classified as spam.
  • Data control: Messages that violate Data Control policies.
  • Secure message: Messages secured by TLS, S/MIME, Push Encryption, or Portal Encryption.
  • Legitimate: Messages classified as clean and then sent.

You can hover over the arrow-shaped charts to see the number of messages in each threat category.

You can click the colored circles in the legend to show or hide specific categories in the charts.

You can click a category in the legend to open the Message Summary report, which shows messages that match the selected category. You can also click See Report to open the full Message Summary report and review the details of all processed messages. See Message Summary report.

Intelix Threat Summary

The Intelix Threat Summary widget shows threats identified through SophosLabs Intelix threat analysis service, which uses advanced file reputation, static analysis, and machine learning to scan email attachments.

Click a threat category in the widget to open the Intelix Threat Summary report with the data filtered by that category. See Intelix Threat Summary.

TLS Encryption Summary

This widget is only available for domains configured in Gateway mode (on-premise).

The TLS Encryption Summary widget shows how many of your inbound and outbound messages were delivered with or without TLS encryption.

The pie chart on the left shows the number of inbound and outbound messages processed for TLS Encryption. The pie chart on the right shows a breakdown of those messages based on the level of encryption used.

The TLS encryption level categories are as follows:

  • Unencrypted: Messages delivered without TLS Encryption.
  • TLS v1.2: Messages encrypted using TLS version 1.2.
  • TLS v1.3: Messages encrypted using TLS version 1.3.

To see the breakdown of encryption methods for inbound or outbound messages, click a slice in the left pie chart to update the right pie chart.

You can click a TLS Encryption category in the legend to open the Message Summary report, which shows messages that match the selected category. See TLS Encryption table.

You can also click See Report to open the full Message Summary report and review the details of delivered messages with and without TLS Encryption. See Message Summary report.

Post Delivery Summary

The Post Delivery Summary widget shows how many post-delivery protection actions were taken on messages that were initially delivered but later identified as threats. These actions include automatic search and remediation as well as on-demand clawback.

You can click the colored circles in the legend to show or hide specific categories in the charts.

Click See Report for more details and a timeline of these actions. See Post-delivery summary report.

Data Control

The Data control widget shows messages that triggered Data Control policies, helping you monitor sensitive or regulated content in inbound or outbound messages.

Click a category in the widget to open the Data control summary report filtered by that category. See Data control summary.

At Risk Users

The At Risk Users widget shows users with high-risk scores based on impersonation emails and risky behavior, such as clicking suspicious links. The widget helps you quickly identify users who need additional training or investigation.

Click See Report to see a list of users with high-risk scores. Click a score to open a detailed user risk report. See At risk users. Click Train these users with Phish Threat to assign security awareness training. See Create a campaign.

Actions

You can take additional actions in the dashboard, such as scheduling or exporting reports.

Schedule a report

You can schedule regular summary reports based on the dashboard to be sent via email to selected admins. For information on scheduling a report, see Schedule reports.

Export a report

You can export a summary report of the dashboard as a PDF file that contains a record of activities for a selected date range or for the last 90 days. The exported file contains all applied filters at the time of export. Click Export to download the report.