Check Point Harmony Email & Collaboration provides comprehensive dashboards and reporting capabilities to monitor your organization's email security posture. This guide covers navigating the Overview Dashboard, analyzing security events, and generating reports for stakeholders and compliance requirements.
Prerequisites
Before reviewing security reports, ensure you have:
- Harmony Email & Collaboration connected to Microsoft 365 or Google Workspace
- Administrator or Read-Only Admin access to the Check Point Infinity Portal
- Active protection policies generating security events
- Understanding of your reporting requirements (compliance, executive, operational)
Understanding the Dashboard Structure
Harmony Email provides several dashboard views:
| Dashboard | Purpose | Primary Users |
|---|---|---|
| Overview | Security posture at a glance | All administrators |
| User Interaction | User reporting and requests | Help desk, security team |
| Events | Detailed security event logs | Security analysts |
| Reports | Scheduled and custom reports | Management, compliance |
Step 1: Access the Overview Dashboard
The Overview Dashboard is your landing page for security visibility.
Navigate to the Dashboard
- Sign in to https://portal.checkpoint.com
- Navigate to Harmony > Email & Collaboration
- Click Overview in the left menu (default landing page)
Dashboard Layout
The Overview Dashboard displays:
- Protection Summary: Total protected users and applications
- Threat Overview: Threats detected in the selected time period
- Pending Actions: Items requiring administrator attention
- Recent Activity: Timeline of security events
Step 2: Review Protection Summary
Protected Assets Widget
View your protection coverage:
- Locate the Protected Assets section
- Review protected counts:
  - Mailboxes: Email accounts protected
  - Applications: Connected SaaS apps (Teams, OneDrive, etc.)
  - Users: Unique users covered
- Click on any count to drill down into details
Connection Status
- Check SaaS Status widget
- Verify all connected applications show Connected
- Timestamps show last successful sync
- Click View Details for connection health information
Step 3: Analyze Threat Overview
Threat Detection Metrics
- Locate the Threats Detected section
- View key metrics:
| Metric | Description |
|---|---|
| Total Threats | All security events in the period |
| Phishing | Detected phishing attempts |
| Malware | Malicious attachments caught |
| BEC Attempts | Business email compromise blocked |
| Suspicious URLs | Malicious links detected |
| DLP Violations | Data loss prevention events |
- Select time range: 24 hours, 7 days, 30 days, or Custom
Threat Trend Graph
- Review the Threat Trends chart
- Identify patterns:
  - Spikes in attack volume
  - Day-of-week patterns
  - Correlation with events (holidays, announcements)
- Hover over data points for specific values
Threat Breakdown
- View the Threats by Type pie chart
- Understand distribution:
  - What percentage is phishing vs. malware?
  - Are DLP violations significant?
  - How much spam is being caught?
Step 4: Review Pending Actions
The dashboard highlights items requiring your attention.
Pending Actions Widget
- Locate Pending Actions section
- Review categories:
  - Quarantine Restore Requests: Users requesting email release
  - Reported Phishing: User-reported suspicious emails
  - Anomaly Alerts: Potential account compromise indicators
- Click each category to take action
Processing Pending Items
- Click on a pending action category
- Review items requiring attention
- Take appropriate action:
  - Approve or deny restore requests
  - Confirm or dismiss reported phishing
  - Investigate anomaly alerts
- Return to dashboard to verify pending count decreases
Step 5: Explore Security Events
Access Events Section
- Click Events in the left menu
- View the event list with all security detections
Filter Events
Use filters to find specific events:
- Time Range: Select period to analyze
- Event Type: Filter by category:
  - Phishing
  - Malware
  - Malicious URL
  - DLP
  - Anomaly
  - Spam
- Action Taken: Filter by outcome (quarantined, blocked, alerted)
- User: Search for specific recipient
- Severity: High, Medium, Low
Event Details
Click any event to view details:
| Field | Information |
|---|---|
| Timestamp | When event occurred |
| Event Type | Threat classification |
| Sender | Original sender address |
| Recipient | Affected user |
| Subject | Email subject line |
| Confidence | Detection confidence level |
| Action | What action was taken |
| Detection Engine | Which engine detected (AV, Threat Emulation, etc.) |
Export Events
- Apply desired filters
- Click Export
- Choose format:
  - CSV: For spreadsheet analysis
  - JSON: For SIEM integration
- Download file
Step 6: Use the User Interaction Dashboard
Monitor user-initiated activities and help desk tasks.
Access User Interaction
- Click User Interaction in the left menu
- Click Dashboard
Dashboard Widgets
| Widget | Description |
|---|---|
| Phishing Reports | Emails reported by users |
| Restore Requests | Quarantine release requests |
| Top Users | Most active reporters/requesters |
| SLA Trend | Help desk response time metrics |
Identify High-Risk Users
- Review Top Users widget
- Identify users who:
  - Report many phishing emails (security aware)
  - Request many restores (may need training)
  - Click many malicious URLs (definite training need)
- Export user list for training prioritization
Monitor Help Desk SLA
- Review SLA Trend widget
- Track response time for:
  - Phishing report handling
  - Restore request processing
- Identify trends and staffing needs
Step 7: Generate Security Reports
Create reports for stakeholders and compliance.
Access Reports Section
- Click Reports in the left menu
- View available report types
Available Report Types
| Report | Content | Audience |
|---|---|---|
| Executive Summary | High-level threat overview | Leadership |
| Threat Analysis | Detailed threat breakdown | Security team |
| User Risk | At-risk user identification | Training team |
| Compliance | Audit-ready event logs | Compliance officers |
| DLP Summary | Data loss prevention events | Data governance |
Generate an Executive Summary
- Click Executive Summary report
- Select Time Period: Last week, month, quarter
- Configure content:
  - Include threat volume trends
  - Include comparison to previous period
  - Include top targeted users
- Click Generate Report
- Download as PDF or View Online
Generate a Threat Analysis Report
- Click Threat Analysis report
- Select time period
- Configure filters:
  - Threat types to include
  - Severity levels
  - User groups
- Click Generate
- Review detailed findings
Step 8: Schedule Automated Reports
Set up recurring reports delivered automatically.
Create Report Schedule
- In Reports section, click Scheduled Reports
- Click Create New Schedule
- Configure schedule:
  - Report Type: Select from available reports
  - Frequency: Daily, Weekly, or Monthly
  - Day/Time: When to generate
  - Recipients: Email addresses to receive report
- Click Save
Manage Scheduled Reports
- View list of scheduled reports
- For each schedule:
  - Edit: Modify settings
  - Pause: Temporarily stop delivery
  - Delete: Remove schedule
- Review Last Run to verify delivery
Step 9: Configure Custom Dashboards
Create personalized views for specific needs.
Create Widget Layout
- In Overview, click Customize
- Add, remove, or rearrange widgets:
  - Drag widgets to new positions
  - Remove irrelevant widgets
  - Add widgets from available options
- Click Save Layout
Create Multiple Views
- Create different views for different audiences:
  - SOC View: Focus on events and threats
  - Executive View: High-level metrics
  - Compliance View: Policy violations
- Switch between views as needed
Step 10: Integrate with External Systems
Export data for SIEM integration and long-term retention.
SIEM Integration
- Go to Settings > Integrations
- Configure SIEM connector:
  - Splunk
  - Microsoft Sentinel
  - IBM QRadar
  - Generic Syslog
- Enter connection details
- Select event types to forward
- Test and enable integration
API Access
- Navigate to Settings > API
- Generate API credentials
- Use API for:
  - Custom dashboards
  - Automated reporting
  - Integration with other tools
Datadog Integration
Harmony Email integrates with Datadog for visualization:
- Enable Datadog connector in Integrations
- Security events stream to Datadog
- Use out-of-the-box Datadog dashboards
- Create custom visualizations
Interpreting Key Metrics
Healthy Security Posture Indicators
| Metric | Healthy Range | Action if Outside Range |
|---|---|---|
| Detection Rate | >95% of known threats | Review policy configuration |
| False Positive Rate | <5% of detections | Adjust confidence thresholds |
| User Report Rate | Growing over time | Indicates security awareness |
| Mean Time to Respond | <4 hours for critical | Add automation or staff |
| Click Rate on Malicious URLs | Decreasing trend | Continue security training |
Warning Signs
Watch for these indicators:
- Sudden drop in detections: May indicate configuration issue
- Spike in specific threat type: Targeted attack in progress
- Increase in restore requests: False positives or user confusion
- Decline in user reports: Training effectiveness declining
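The first two warning signs can be checked offline against a CSV export from the Events section. The script below is an added example, not Check Point code: the column names are assumed from the Event Details fields in this guide (the real export schema may differ), the helper names are hypothetical, and the 7-day window and 3x / 25% thresholds are illustrative.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

def constructed_export(spec):
    """Build a constructed sample export from (day, event_type, count) tuples."""
    out = io.StringIO()
    writer = csv.writer(out)
    # Assumed columns, named after the Event Details fields in this guide.
    writer.writerow(["Timestamp", "Event Type", "Recipient", "Action"])
    for day, etype, n in spec:
        for i in range(n):
            writer.writerow([f"{day}T09:{i:02d}:00Z", etype,
                             f"user{i}@example.com", "quarantined"])
    return out.getvalue()

def daily_counts(csv_text):
    """Return {event_type: {day: count}}; the key '*' holds all events."""
    counts = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(csv_text)):
        day = row["Timestamp"][:10]  # assumes ISO 8601 timestamps
        counts[row["Event Type"]][day] += 1
        counts["*"][day] += 1
    return counts

def warning_signs(csv_text, as_of, window=7, spike=3.0, drop=0.25):
    """Compare the as_of day with the mean of the preceding window days."""
    counts = daily_counts(csv_text)
    end = date.fromisoformat(as_of)
    history = [(end - timedelta(days=n)).isoformat() for n in range(1, window + 1)]
    findings = []
    for etype in sorted(counts):
        per_day = counts[etype]
        baseline = sum(per_day.get(d, 0) for d in history) / window
        today = per_day.get(as_of, 0)  # a day with no events counts as 0
        if etype == "*":
            # Sudden drop in total detections: possible configuration issue.
            if baseline > 0 and today <= baseline * drop:
                findings.append(("drop", "all", today, baseline))
        elif today >= spike * max(baseline, 1.0):  # max() ignores 0 -> 1 noise
            findings.append(("spike", etype, today, baseline))
    return findings

# Constructed data: a steady week, then a phishing surge on 2024-05-08.
SAMPLE = constructed_export(
    [(f"2024-05-0{d}", t, n) for d in range(1, 8)
     for t, n in (("Phishing", 4), ("Malware", 2))]
    + [("2024-05-08", "Phishing", 15), ("2024-05-08", "Malware", 2)])
```

Call `warning_signs(export_text, "YYYY-MM-DD")` with the contents of a real export; each finding is a tuple of kind, event type, the day's count and the baseline mean.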
Best Practices
- Review daily: Check dashboard each morning for overnight events
- Weekly deep-dive: Analyze trends and patterns weekly
- Monthly reporting: Generate executive reports monthly
- Track trends: Compare month-over-month metrics
- Share insights: Communicate security wins to stakeholders
- Act on data: Use reports to drive security improvements
- Automate routine reports: Schedule recurring delivery
- Retain exports: Archive reports for compliance audits
Troubleshooting Common Issues
Dashboard Not Loading Data
Symptoms: Widgets show no data or loading errors.
Solutions:
- Verify connection status to email platforms
- Check that protection policies are active
- Clear browser cache and refresh
- Try a different browser
- Contact support if issue persists
Missing Events
Symptoms: Expected events not appearing in log.
Solutions:
- Verify time range filter includes expected period
- Check event type filters aren't excluding events
- Confirm policy was active when event should have occurred
- Allow time for event processing (up to 15 minutes)
Report Generation Fails
Symptoms: Reports fail to generate or download.
Solutions:
- Reduce time range if report is too large
- Apply filters to reduce data volume
- Try different export format (CSV vs PDF)
- Check for scheduled maintenance windows
Next Steps
After mastering the dashboard and reports:
- Set up alerts: Configure notifications for critical events
- Integrate SIEM: Forward events for long-term retention
- Create playbooks: Document response procedures for common events
- Train your team: Share dashboard access with security team
- Establish KPIs: Define metrics for measuring security program success
Additional Resources
Need help interpreting your security reports? Inventive HQ provides security analysis and consulting services. Contact us for expert guidance on your email security posture.