The Dashboard of Advanced Threat Protection (ATP) Platform does not show as many Malicious events for Email as the Email Track and Trace tool within Email Security.cloud shows messages for Anti-Malware service for the same date.
Within ATP Platform UI, Synapse is activated.
Within ATP Platform UI, Email Security.cloud correlation is enabled.
To confirm whether ATP UI receives all Anti-Malware service events for a given date
Enumerate the Malicious email events from the graph on the Dashboard of ATP UI
Enumerate events for Anti-Malware service within Email Track and Trace
If these numbers do not appear to match, upload log evidence at the ATP CLI by typing "gather_logs", then contact support for further assistance.
To enumerate events for Anti-Malware service with Email Track and Trace in the Email Security.cloud portal
Click Tools > Email Track and Trace
In Recipient: line, type *@domain.tld ...where domain is your actual recipient domain and tld is your actual Top Level Domain.
Click Select Specific Dates and Times
On the from: line, click the Calendar button, then select the date that matched the date you examined on the Dashbaord.
On the from: line, select 12:00 AM
On the to: date, click the Calendar button, then select the same date as entered on the from: line
On the to: line, select 11:59 PM
Click "Select more search options".
From the options that appear, click Service
When the Service dropdown box appears, click "Any", then click "Anti-Malware"
At the bottom, click the Search button.
Subscribing will provide email updates when this Article is updated. Login is required.