Access your PhishER Settings by clicking on the gear icon in the bottom-left corner of your PhishER platform. This is the area where you can configure and manage your PhishER Account and Integrations settings.
Reporting Emails are all of the email addresses tied to your PhishER platform. Your reporting emails will be used to forward user-reported messages to your PhishER inbox.
How to Generate a Reporting Email Address
To generate a reporting email address, click on the Generate New Email button in the top-right corner. Your reporting email address will then appear under the text box. You have the option to generate as many reporting email addresses as you'd like. This option may be beneficial to organizations who want to provide a different reporting email address across user groups, PAB instances, or office locations. Keep in mind, all emails forwarded to your reporting email addresses will empty into a single PhishER inbox.
Forwarding Reported Emails Using the PAB
Emails reported using the KnowBe4 PAB will be forwarded to your reporting email address(es) once you add your reporting email address(es) to your Phish Alert settings. Using the PAB email forwarding method will ensure the entire message with headers is forwarded to your PhishER inbox.
Manually Forwarding Reported Emails
If your organization does not have the PAB installed, all reported emails must be manually forwarded to your reporting email address(es) for the emails to reach your PhishER inbox. We recommend setting up an alias in your mail server that points to your PhishER reporting email address. Then, instruct your users to forward all suspicious emails to the alias email address. Keep in mind, this method of email forwarding will result in a loss of information, such as email headers.
You have the option to enable or disable reporting email addresses by clicking the toggle button to the right of the email address.
The information added to your Email Server settings will populate the email template used when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default From Address This is the email address that will populate in the From field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default From Name This is the name that will populate in the From Name field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default Reply to Address This is the email address that will populate in the Reply To field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default Reply to Name This is the email address that will populate in the Reply To Name field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- X-Phisher header A custom header that is attached to an outgoing email for flagging and/or tracking purposes. This outgoing email is sent as a result of selecting the Send Email option for the Choose how you would like to report this action section of the Action Details screen.
Once your Email Server settings are configured, click the Save button.
Create custom email templates and include them in your PhishER actions. If an action is triggered and an email template is attached to the action, the email template will automatically send to the specified recipients. For more information about email templates, visit our How to Create a Custom Template in PhishER article.
Data Retention is calculated as the elapsed time since a message was reported by a user. Configure your Data Retention settings for all messages delivered to your PhishER inbox by selecting a Retention Type and Retention Period.
- Select Retention Type
- Absolute This option will permanently delete all records of the message. This will include the entire raw message as well as any data enrichment, labels, rules, and actions triggered.
- Timestamps and Dispositioning only This option will permanently delete all records of the message except for timestamps and message properties related to dispositioning.
- Limited This option will remove the entire raw message. Rules, actions, labels, and message properties will remain visible.
- Retention Period
- Enter the number of Days, Months, or Years using the input field and drop-down. The minimum retention period is one day and the maximum retention period is ten years.
Once your Data Retention settings are configured, click the Save button.
The Data Retention feature is currently opt-in. However, KnowBe4 reserves the right to modify the default Data Retention settings for all accounts. This modification will only affect PhishER accounts that have not configured their Data Retention settings.
PhishER supports third-party integration with VirusTotal and Syslog. To configure integration settings for your PhishER platform, navigate to PhishER > Settings > Integrations. Here, you will see two sections: VirusTotal and Syslog.
VirusTotal is a service that inspects and analyzes files for malicious content. A VirusTotal scan is completed using over 70 antivirus scanners. If a file is submitted for a VirusTotal scan, the results will be shared publicly in the VirusTotal community. This is to spread awareness of verified malicious content.
If you decided to scan a message with VirusTotal in PhishER, the message and its scan results will be public. This information is important to consider when performing VirusTotal scans on messages with sensitive information.
To integrate your VirusTotal account with PhishER, you must retrieve your VirusTotal key from VirusTotal and add it to the Enter your VirusTotal key field. Then, toggle the Enabled button and click the Save button.
If you do not have a VirusTotal account, you can join their Community for free here. Integrating your VirusTotal account with PhishER will enable you to run a VirusTotal scan on message attachments.
A VirusTotal scan will apply the following tags:
- VT_Pending The tag added to your message when a VirusTotal scan is queued and will be removed when all scanning completes.
- VT_Bad The tag added to your message when a VirusTotal scan determines the scanned attachment to be malicious.
- VT_Scanned The tag added to your message when a VirusTotal scan is completed and not determined to be malicious.
A message with multiple attachments may have multiple VT tags, as not all scans complete at the same time or have the same results.
The Syslog integration option can be used to log when actions are triggered in your PhishER platform. To add a Syslog, click on the New Syslog button in the top-right. This will open the Add Syslog Settings window.
- Name Custom name you would like to assign your Syslog server.
- Protocol Select one of the following protocols from the drop-down: TCP, UDP, TLS, or TLS_INSECURE.
- Host Enter the host IP address of your Syslog server.
- Port Enter the port number of your Syslog server.
- Format Select one of the following Syslog output formats from the drop-down: JSON, CEF, or LEEF.
Integrate a Syslog server with PhishER by configuring the settings shown above and then clicking the Create button. Syslog integration will allow your organization to track and log events that take place in your PhishER platform. You have the option to add as many Syslog servers as you'd like.
If you select the Send to Syslog option under the Choose how you would like to report this action section when creating a PhishER action, a drop-down will appear. This drop-down will list all of the Syslog servers you have integrated with PhishER from the Integrations screen.