Resolved
All security events have now been successfully restored and validated.
Remediation is now completed.
Identified
As an update, the majority of Security Events have been backfilled successfully. The process continues for a couple final events, and we will update once fully complete and validated.
Identified
The process to restore missing Security Events has passed all testing, and Proofpoint will begin the remediation process momentarily.
We will update again once all Security Events from the impact window have been restored.
Identified
Our team has identified a potential way to restore events from Friday 27th Feb 10:33am UTC - Monday 2nd March 10:59am UTC in the Security Events tab.
The team is currently conducting rigorous testing, and will look to deploy it over the course of the week if testing goes well.
We will update once this restoration is underway.
In the meantime, all triggered emails remain available in the Investigate & Respond tab of your portal.
Identified
As of 14:10 UTC March 2nd - all events and triggered emails from the impact window can now be viewed in the Investigate & Respond tab. Customers are encouraged to review and action impacted events via I&R in the short term.
The team is currently working to restore the same emails in the Security Events tab. As a reminder, this impacts triggered emails from Friday 27th Feb 10:33am UTC - Monday 2nd March 10:59am UTC.
Investigating
In the Core Email Protection (CEPAPI) Security Events view, some threat event details processed cannot be viewed in full.
The timeframe for when these events were received and processed is Friday 27th Feb 10:33 am to 2nd March 10:59am
For events meeting this criteria, the following error may be displayed:
"event details are currently unavailable for this email. We are working on the issue to get it fixed as soon as possible"
Engineering is aware of this problem and is currently working on a solution.
