Creation of forwarding/redirect rule alert: improve visibility of address forwarded to
When an alert is triggered because of the Creation of forwarding/redirect rule policy, finding the address that is being forwarded to is very tedious compared to how important this information is. It is also drowned by all the information around it despite it being the second most important element to decide if the alert should be investigated further or dismissed.
The current route is:
1) Click on "view alert details" in the e-mail notification / on the alert in the alert list of the S&C center
2) In the alert, click on "view activity list"
3) In the activity list, click on the link in the "activity" column ("New-InboxRule" in our case)
4) In the activity, click on "More information"
5) Scroll down to "parameters" and find the json attribute with "Name: 'ForwardTo'"
I understand this is a generic alert intended to work with all mail flow rules that show us the maximum amount of details, but the fact that I have to load five different panels to get one of the most important "details" of the alert is poor UI design to me.
Would it be possible to move the address where email is being forwarded to to the email notification, or move it to a new column of the activity list ?
Matt H commented
Also worth having the ability for the alert to highlight/differentiate between emails being forwarded internally & those being forwarded externally.
Internally forwarded rules are typically of a low alert level, but a rule forwarding emails externally, especially an entire inbox carries a medium/high alert level