Avanan: IRaaS SOP

Purpose

This Standard Operating Procedure (SOP) aims to provide clear and consistent guidelines for handling Sonic Wall customers using the IRaaS service. This SOP seeks to define the processing and handling of these messages and the expectations of all parties if a message is sent to Check Point’s IRaaS service.

Scope

The scope of this SOP applies to all Avanan Sonic Wall customers leveraging the IRaaS service to review and act on reported messages and restore requests.

Procedure

The following steps outline the procedure for reporting messages and the workflow based on their findings.  

1. Sonic Wall customers enable the IRaaS service for the tenants they wish to be included in this service. This enablement is done from the MSP portal and applied to the individual tenants.

2. With this enabled, users requesting restoration of quarantined emails or those reporting suspicious emails will have these requests sent to the Check Point IRaaS team automatically.

3. When the message is reported and investigated

   1. If an analyst finds the message to be clean, the message is restored.

   2. If an analyst finds the message is malicious, it is quarantined, and the restore request is denied. 

   3. If an analyst finds the message inconclusive, a second analyst will review the message. If the second verdict is also inconclusive, a notification is sent to those listed as admins who have the “Send Alerts” enabled, and it will be up to the admin if they want to risk restoring the message.