# Ocean Docs ## Docs - [Configure Allow and Deny Lists](https://docs.ocean.security/Configuration/allow-deny-list.md): Configure trusted and blocked senders by managing domain, IP, and sender email address allow/deny lists in Ocean. - [Quarantine Release AI Response](https://docs.ocean.security/Configuration/configure-ocean-release-from-quarantine.md): Give employees visibility into quarantined emails and a controlled path to request their release — with configurable AI and SOC review workflows. - [Configure Graymail Filtering](https://docs.ocean.security/Configuration/graymail-configuration.md): Set up how Ocean Security classifies and remediates graymail across your organization. - [Reviewing Quarantine Release Requests](https://docs.ocean.security/Configuration/untitled-page.md): Review, approve, or deny employee requests to release quarantined emails from the Ocean portal. - [Google Workspace Read-Only Integration](https://docs.ocean.security/Integrations/Google/google-workspace-read-only-integration.md): Step-by-step guide for integrating Ocean with Google Workspace in read-only mode. - [Microsoft 365 Read-Only Integration](https://docs.ocean.security/Integrations/Microsoft/microsoft-365-read-only-integration.md): Step-by-step guide for integrating Ocean with Microsoft 365 in read-only mode. - [Microsoft M365 Read/Write Integration](https://docs.ocean.security/Integrations/Microsoft/microsoft-365-read-write-upgrade.md): Upgrading your Microsoft 365 integration from read-only to read/write mode for active threat remediation. - [Microsoft M365 Quarantine Release Integration](https://docs.ocean.security/Integrations/Microsoft/quarantine-release-integration.md): This guide outines how to integrate Ocean with the Microsoft 365 Quarantine workflow. - [Custom Webhook Integration](https://docs.ocean.security/Integrations/SIEM/custom-webhook.md): Forward Ocean email security events to any HTTPS endpoint as signed JSON batches. - [SIEM Forwarding Overview](https://docs.ocean.security/Integrations/SIEM/overview.md): Forward Ocean email security events to your SIEM in near real time as structured JSON. - [Microsoft Sentinel Integration](https://docs.ocean.security/Integrations/SIEM/sentinel.md): Forward Ocean email security events to Microsoft Sentinel via the Azure Log Analytics HTTP Data Collector API. - [SentinelOne Integration](https://docs.ocean.security/Integrations/SIEM/sentinelone.md): Forward Ocean email security events to SentinelOne's Singularity Data Lake via the addEvents HTTP ingest API. - [Splunk HEC Integration](https://docs.ocean.security/Integrations/SIEM/splunk.md): Forward Ocean email security events to Splunk via HTTP Event Collector (HEC). - [Sumo Logic HTTP Source Integration](https://docs.ocean.security/Integrations/SIEM/sumologic.md): Forward Ocean email security events to Sumo Logic via an HTTP Source endpoint. - [Managing the Scope of your Ocean Integration](https://docs.ocean.security/Integrations/limiting-ocean-security-scope.md): Restrict Ocean's email protection to specific mailboxes in your Exchange Online environment, or remove that restriction when it is no longer needed. - [Calendar Invite Remediation](https://docs.ocean.security/OperationalManagement/calendar-invite-remediation.md): How Ocean removes malicious calendar invites delivered by email. - [Releasing Blocked Emails](https://docs.ocean.security/OperationalManagement/release-blocked-email.md): Release emails that were blocked by Ocean and restore them to users' inboxes. - [Introduction](https://docs.ocean.security/api-reference/introduction.md): Ocean Security API for threat detection and security metrics - [Get hours saved metric](https://docs.ocean.security/api-reference/metrics/get-hours-saved-metric.md): Calculates the estimated hours saved based on prevented threats within the specified time period. - [Get prevented financial loss metric (USD)](https://docs.ocean.security/api-reference/metrics/get-prevented-financial-loss-metric-usd.md): Calculates the total estimated financial loss prevented (in USD) based on threats within the specified time period. - [Get protected inboxes count](https://docs.ocean.security/api-reference/metrics/get-protected-inboxes-count.md): Retrieves the count of unique protected inboxes that received mail within the specified time period. - [Get threats over time metric](https://docs.ocean.security/api-reference/metrics/get-threats-over-time-metric.md): Returns the count of threats grouped by day for the specified time period. - [Get top highlighted threats](https://docs.ocean.security/api-reference/metrics/get-top-highlighted-threats.md): Retrieves a list of the top 5 highlighted threats within the specified time period. - [Get top targeted entities](https://docs.ocean.security/api-reference/metrics/get-top-targeted-entities.md): Returns a list of the top 5 targeted entities (users or groups) based on threat count within the specified time period. - [Get top threat types](https://docs.ocean.security/api-reference/metrics/get-top-threat-types.md): Returns a list of the top 5 threat types and their counts within the specified time period. - [Create an allow/deny list entry](https://docs.ocean.security/api-reference/settings/create-allow-deny-entry.md): Adds a new entry (domain, IP, or email address) to the tenant's allow or deny list. The acting api key is recorded in the audit log. - [Delete an allow/deny list entry](https://docs.ocean.security/api-reference/settings/delete-allow-deny-entry.md): Removes a tenant allow/deny entry by id. The entry must belong to the caller's tenant. - [List allow/deny list entries](https://docs.ocean.security/api-reference/settings/list-allow-deny-entries.md): Returns a paginated list of allow/deny entries for the caller's tenant, filtered by `list` (allow|deny). - [Update an allow/deny list entry](https://docs.ocean.security/api-reference/settings/update-allow-deny-entry.md): Patches a tenant allow/deny entry. Only `list`, `verdict_scope`, and `comment` are mutable. Omitted fields are left unchanged. - [Get aggregated total phishing reports by verdict](https://docs.ocean.security/api-reference/sonar/get-aggregated-verdicts.md): Returns the total count of phishing reports grouped by verdict - [Get Mean Time To Resolution for phishing reports](https://docs.ocean.security/api-reference/sonar/get-mttr.md): Returns the average time in seconds to analyze phishing reports - [Get phishing report by ID](https://docs.ocean.security/api-reference/sonar/get-phishing-report-by-id.md): Retrieves the detailed information for a specific phishing report identified by its unique ID - [Get phishing reports by internet message ID](https://docs.ocean.security/api-reference/sonar/get-phishing-reports-by-internet-message-id.md): Retrieves phishing reports matching the given internet message ID of the original reported email. Returns an array since multiple users may report the same email. - [List phishing reports](https://docs.ocean.security/api-reference/sonar/list-phishing-reports.md): Returns a paginated list of phishing reports from SONAR - [Get threat by ID](https://docs.ocean.security/api-reference/threats/get-threat-by-id.md): Retrieves the detailed information for a specific threat identified by its unique ID. - [Get threats by Internet Message ID](https://docs.ocean.security/api-reference/threats/get-threats-by-internet-message-id.md): Retrieves a list of threats sharing the same Internet Message ID. - [List recent threats](https://docs.ocean.security/api-reference/threats/list-recent-threats.md): Returns a paginated list of recent threats, optionally filtered by the number of days to look back. - [Getting Started](https://docs.ocean.security/documentation/getting-started.md) - [End Users Email Template](https://docs.ocean.security/email-template.md): Copy-paste ready templates to announce AI Response for phishing report to your employees. - [Ocean Docs](https://docs.ocean.security/index.md) - [Microsoft Quarantine Release AI Response](https://docs.ocean.security/m365-quarantine-release.md): Configure and understand the quarantine release flow for emails quarantined by Microsoft 365 — including release request handling and response behavior. - [Slack / Teams Template](https://docs.ocean.security/slack-teams-template.md): Copy-paste ready template for Slack or Microsoft Teams to notify employees about AI Response for phishing report feature. - [DNS Setup for AI Responses](https://docs.ocean.security/sonar-dns-setup.md): Configure DNS records to enable Ocean's AI Response to send automated responses from your corporate domain. - [Phishing Report AI Response](https://docs.ocean.security/sonar-phishing-response.md): Configure automated AI-powered responses to employee-reported phishing attempts.