Close an Investigation

When you determine an investigation contains nothing malicious or threatening or you have remediated any threats and plan to take no further action, you can close it. Closed investigations are still available for review in Phishing Response, but are not viewed on the Analyst page by default.

1. On the Analyst page, click an investigation to select it.
2. Click Actions > Close.
3. Select a Classification. (An investigation must be classified as Malicious, Spam, Benign, or Simulation before it can be closed; it cannot be closed as Unknown.)
4. Click OK.

NOTE: Unless your organization has opted out of Continuous Detection and Response (see Phishing Response Settings), when an investigation is closed with a Malicious classification, it is subsequently reviewed by the Agari Cyber Intelligence Division (ACID). ACID will determine if the malicious investigation contains indicators of compromise (IOCs) that may be used for threat detection across the Agari network.