Ryan Poppa Yes!

We had a business email compromise incident last week where a client sent a large volume of emails that included a link to a malicious phishing URL. This email was sent to internal and external recipients, and some of those recipients were users at OTHER clients of ours.

Once we identified the malicious URL, we added it to the universal block list, which prevented future clicks on the URL in the email from doing damage, but we wanted to identify every attempted access of that URL prior to when we updated of our universal block list.

If I had to search for this myself, client by client, that's really arduous and time consuming at scale. So, I reached out to support to get this information, which took hours (understandably).

It would be much easier if I could search across multiple client accounts simultaneously, so that I could compile of list of users we need to isolate and remediate quickly. Running the same query over and over again under each individual client is time consuming and being fast to respond is critical in this scenario.

I will attach an image of a similar query for reference.