Phishing Reporter
Last updated
Was this helpful?
Last updated
Was this helpful?
This section describes in detail how to customize the add-in on the platform and deploy the Phishing Reporter add-in to users in Microsoft 365, Exchange, or Google Workspace platforms.
This page also contains how to customize the Diagnostic Tool service and deploy it to the users to monitor the users' Phishing Reporter Outlook Add-in.
The Keepnet Phishing Reporter offers two methods for reporting a suspicious email:
The Phishing Reporter from Keepnet works seamlessly with SOC tools to streamline and automate phishing analysis and incident response within organizations.
Keepnet offers native integration with several major SOC platforms, including IBM Resilient, IBM QRadar, Splunk Phantom, ArcSight, and SOAR tools. For further details, please contact us directly.
Clustering similar reported suspicious emails: This method groups together emails that are alike in content or characteristics, helping to identify and manage duplicate reports.
Clustering reporters with different reported suspicious emails: This approach groups reporters based on the types of suspicious emails they report, even if the emails themselves are not identical. This helps in recognizing patterns or trends in the reporting behavior across different users or departments.
Yes, Keepnet offers a feedback mechanism to inform users about the outcomes of their reported suspicious emails.
This is facilitated through the use of playbooks, which allow you to define the process for providing feedback to employees, the SOC team, or service providers. For instance, you can set up a playbook to send an email to your employees detailing the analysis results of a reported email or alert the SOC team about phishing or malicious activities flagged by your staff.
Additionally, Keepnet provides customizable notification templates to streamline the feedback process. These templates can be tailored to meet your organization’s specific needs, ensuring employees are appropriately informed about the status of suspicious emails they report.
Security admins can also manage feedback directly from the Incident Response dashboard. Admins can effectively update users on the reported incidents by selecting a notification template and adding a custom message.
To seamlessly integrate with investigative tools for efficient handling and management of reported incidents, Keepnet offers several approaches:
Native Integrations:
Using Email Formats:
API Integration:
Incident Responder APIs: Utilize Keepnet's Incident Responder APIs to fetch reported email data. This data can then be processed or analyzed using other incident management systems. Our APIs provide flexibility to adapt and integrate with any external system, enhancing the overall response capability.
These methods ensure that you can tailor the integration process to meet your organization’s specific needs and existing infrastructure, enabling efficient management of phishing incidents.
It calls Keepnet's APIs to report the emails in a
It sends a copy of the reported suspicious email to the SOC team. The "" section provides customization options.
Keepnet also provides robust APIs that allow integration with any SOC tools or services. You can access the API documentation to learn how to utilize the
Keepnet's "" feature effectively manages duplicates by organizing reported suspicious emails into clusters. This feature works in two primary ways:
: Begin by contacting us to learn about the native integrations we offer with various SOC tools and solutions. This will provide direct, built-in connections that facilitate smooth data flow and interactions.
Send Copies of Emails: One of the simplest methods to integrate third-party solutions is to send a copy of the reported suspicious email in either .eml or .msg format. This can be configured in the "Email Settings" section, as detailed in our documentation.
