
Copyright © Keepnet Labs LTD. All rights reserved.

Phishing Reporter

This section describes in detail how to customize the add-in on the platform and deploy the Phishing Reporter add-in to users in Microsoft 365, Exchange, or Google Workspace platforms.

This page also explains how to customize the Diagnostic Tool service and deploy it to users to monitor their Phishing Reporter Outlook Add-in.

Shortcuts

  • Phishing Reporter Customization
  • Phishing Reporter Deployment
  • Diagnostic Tool Customization and Deployment

FAQ

How does the Phishing Reporter button work?

The Keepnet Phishing Reporter offers two methods for reporting a suspicious email:

  1. It calls Keepnet's APIs to report the emails in a fully encrypted and secure manner.

  2. It sends a copy of the reported suspicious email to the SOC team. The "Email Settings" section provides customization options.

How does the Phishing Reporter work with SOC Tools?

The Phishing Reporter from Keepnet works seamlessly with SOC tools to streamline and automate phishing analysis and incident response within organizations.

Keepnet offers native integration with several major SOC platforms, including IBM Resilient, IBM QRadar, Splunk Phantom, ArcSight, and SOAR tools. For further details, please contact us directly.

Keepnet also provides robust APIs that allow integration with any SOC tools or services. You can access the API documentation to learn how to utilize the Incident Responder APIs.

How does the Phishing Reporter label or identify reporting of duplicates?

Keepnet's "cluster view" feature effectively manages duplicates by organizing reported suspicious emails into clusters. This feature works in two primary ways:

  1. Clustering similar reported suspicious emails: This method groups together emails that are alike in content or characteristics, helping to identify and manage duplicate reports.

  2. Clustering reporters with different reported suspicious emails: This approach groups reporters based on the types of suspicious emails they report, even if the emails themselves are not identical. This helps in recognizing patterns or trends in the reporting behavior across different users or departments.

Is there a feedback loop to the users on the result of the investigation?

Yes, Keepnet offers a feedback mechanism to inform users about the outcomes of their reported suspicious emails.

  1. This is facilitated through the use of playbooks, which allow you to define the process for providing feedback to employees, the SOC team, or service providers. For instance, you can set up a playbook to send an email to your employees detailing the analysis results of a reported email or alert the SOC team about phishing or malicious activities flagged by your staff.

  2. Additionally, Keepnet provides customizable notification templates to streamline the feedback process. These templates can be tailored to meet your organization’s specific needs, ensuring employees are appropriately informed about the status of suspicious emails they report.

  3. Security admins can also manage feedback directly from the Incident Response dashboard. Admins can effectively update users on the reported incidents by selecting a notification template and adding a custom message.

How can we seamlessly integrate with investigative tools to ensure efficient handling/management?

To seamlessly integrate with investigative tools for efficient handling and management of reported incidents, Keepnet offers several approaches:

  1. Native Integrations:

     Contact Keepnet: Begin by contacting us to learn about the native integrations we offer with various SOC tools and solutions. This will provide direct, built-in connections that facilitate smooth data flow and interactions.

  2. Using Email Formats:

     Send Copies of Emails: One of the simplest methods to integrate third-party solutions is to send a copy of the reported suspicious email in either .eml or .msg format. This can be configured in the "Email Settings" section, as detailed in our documentation.

  3. API Integration:

     Incident Responder APIs: Utilize Keepnet's Incident Responder APIs to fetch reported email data. This data can then be processed or analyzed using other incident management systems. Our APIs provide flexibility to adapt and integrate with any external system, enhancing the overall response capability.

These methods ensure that you can tailor the integration process to meet your organization’s specific needs and existing infrastructure, enabling efficient management of phishing incidents.
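One way a SOC-side consumer could group the forwarded .eml copies into duplicate clusters with their reporters, as an added example that is not Keepnet's code or clustering algorithm. The fingerprint fields (sender domain, normalized subject, URL hosts), the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string, policy
from email.utils import parseaddr
from hashlib import sha256
from urllib.parse import urlsplit

# Constructed sample reports (reporter, raw .eml text); not real messages.
REPORTS = [
    ("alice@corp.example", "From: IT Desk <helpdesk@mail-example.test>\n"
     "Subject: Password expires today\n\n"
     "Reset at https://login.mail-example.test/reset?u=alice\n"),
    ("bob@corp.example", "From: IT Desk <helpdesk@mail-example.test>\n"
     "Subject: RE: Password  expires today\n\n"
     "Reset at https://login.mail-example.test/reset?u=bob\n"),
    ("carol@corp.example", "From: Payroll <pay@invoices-example.test>\n"
     "Subject: Invoice 4471\n\nSee http://files.invoices-example.test/4471.pdf\n"),
]
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return ""

def fingerprint(raw_eml):
    """Hash the fields that stay stable across copies of one campaign."""
    msg = message_from_string(raw_eml, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    subject = str(msg.get("Subject", "")).strip()
    subject = re.sub(r"^((re|fwd?)\s*:\s*)+", "", subject, flags=re.I)
    subject = re.sub(r"\s+", " ", subject).lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # Use URL hosts only: per-recipient query strings differ between copies.
    hosts = sorted({_host(u) for u in URL_RE.findall(text)} - {""})
    key = "\n".join([domain, subject, ",".join(hosts)])
    return sha256(key.encode()).hexdigest()[:16]

def cluster_reports(reports):
    """Map fingerprint -> report count and the distinct reporters."""
    clusters = defaultdict(lambda: {"count": 0, "reporters": []})
    for reporter, raw in reports:
        entry = clusters[fingerprint(raw)]
        entry["count"] += 1
        if reporter not in entry["reporters"]:
            entry["reporters"].append(reporter)
    return dict(clusters)

if __name__ == "__main__":
    for fp, info in cluster_reports(REPORTS).items():
        print(fp, info["count"], info["reporters"])
```
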