thanks for your reply.
BTW: we are getting a report every hour, so the condition that activates this notification still seems active.
If I get your question right you want to know where we already did look for those threats.
So here are some reports (translated from the german installation we have):
Threats of the last 30 days grouped for action taken
Group by (Action)
cleaned by deleting
When I change this report to show a whole year I can get this to a total of 95. Even when changing the filter to show two years, we get only 95 entries.
In the Computers view of SMC there are no Threats shown. A few have been marked as resolved in the past days.
In the Threats view of SMC there are no current Threats shown. I have to change the filter to show resolved. Then there are 13 entries. If i change this to show 365 days i get the 95 incidents again.
Heading over to the Mailsecurity on our Exchange we have the following data in the logs:
Mail-Server-Protection (filtered to show the last 24hours): 302 total, evenly distributed, so like 15 events an hour, containing spam and rules for mail-attachments, this is a normal amount, we usually have like 400 a day