Settings
Access your PhishER Settings by clicking on the gear icon in the bottom-left corner of your PhishER platform. This is the area where you can configure and manage your PhishER Account and Integrations settings.
Jump to:
Account
Account
To configure Account settings for your PhishER platform, navigate to PhishER > Settings > Account. Here, you will see four sections: Reporting Emails, Email Server, Email Templates, and Data Retention.
Reporting Emails
Reporting Emails are all of the email addresses tied to your PhishER platform. Your reporting emails will be used to forward user-reported messages to your PhishER inbox.
How to Generate a Reporting Email Address
To generate a reporting email address, click on the Generate New Email button in the top-right corner. Your reporting email address will then appear under the text box. You have the option to generate as many reporting email addresses as you'd like. This option may be beneficial to organizations who want to provide a different reporting email address across user groups, PAB instances, or office locations. Keep in mind, all emails forwarded to your reporting email addresses will empty into a single PhishER inbox.
To enable or disable reporting email addresses, click the toggle button in the Active column. In the Forwarded Only column, you have the option to only allow reporting email addresses to receive manually forwarded reported emails. In the Actions column, you have the option to delete any of the generated reported email addresses. The Delete option may be beneficial to organizations that have generated a large amount of reported email addresses that they no longer want to use in their account.
Forwarding Reported Emails Using the PAB
Emails reported using the KnowBe4 PAB will be forwarded to your reporting email address(es) once you add your reporting email address(es) to your Phish Alert settings (see the steps below). Using the PAB email forwarding method will ensure the entire message with headers is forwarded to your PhishER inbox.
- Copy your reporting email address from your PhishER Settings.
- Paste your reporting email address into the Send Non-Simulated Emails to: field under your Phish Alert settings.
Manually Forwarding Reported Emails
If your organization does not have the PAB installed, all reported emails must be manually forwarded to your reporting email address(es) for the emails to reach your PhishER inbox. We recommend setting up an alias in your mail server that points to your PhishER reporting email address. Then, instruct your users to forward all suspicious emails to the alias email address.
Alternatively, you can download the .eml file of an email, attach the .eml file in a new email, and then send it to PhishER. PhishER will recognize this process as a PAB report.
Email Server
The information added to your Email Server settings will populate the email template used when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default From Address This is the email address that will populate in the From field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default From Name This is the name that will populate in the From Name field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default Reply to Address This is the email address that will populate in the Reply To field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- Default Reply to Name This is the email address that will populate in the Reply To Name field when the Send Email option is selected for the Choose how you would like to report this action section of the Action Details screen.
- X-Phisher header A custom header that is attached to an outgoing email for flagging and/or tracking purposes. This outgoing email is sent as a result of selecting the Send Email option for the Choose how you would like to report this action section of the Action Details screen.
- Email Headers This option will allow you to overwrite fixed return-path address with the From address that you entered in your KMSAT Account Settings.
- DKIM Signature This option allows you to enable DKIM Signatures in your PhishER platform.
- Configure DKIM This option allows you to configure, and add, your own custom domains or use KnowBe4's signing domain to your PhishER platform as DKIM Signatures. For more information on how to configure DKIM, visit our How to Enable and Configure PhishER DKIM Signatures article.
- Allowed Domains This is a list of all of the Allowed Domains that have been added and verified to your KMSAT Account Settings. For more information on Allowed Domains, visit our How to Add and Verify Allowed Domains article.
Once your Email Server settings are configured, click the Save button.
Email Templates
Create custom email templates and include them in your PhishER actions. If an action is triggered and an email template is attached to the action, the email template will automatically send to the specified recipients. For more information about email templates, visit our How to Create a Custom Email Template in PhishER article.
Notifications
You can send notifications to specific users based on your saved queries or rooms in PhishER. For example, you can notify admins once a room has less than 10 emails or more than 50 emails after a specific period of time.
To set up notifications, click the New Notification button. Then, you can customize the notifications by selecting notification settings.
Data Retention
Data Retention is calculated as the elapsed time since a message was reported by a user. Configure your Data Retention settings for all messages delivered to your PhishER inbox by selecting a Retention Type and Retention Period.
- Select Retention Type
- No Message Retention (Past and Future) This option will permanently delete all records of both past and future messages. This will include the entire raw message as well as any actions, labels, rules, tags, and other data. None of the data removed from the message will show up in any historical reports.
- No Message Retention (Future Only) This option will permanently delete all records of future messages. This will include the entire raw message as well as any actions, labels, rules, tags, and other data. None of the data removed from the message will show up in any historical reports.
- Message Timestamps and Dispositioning Retention This option will permanently delete all records of the message, including the entire body, raw message details, and email addresses. This option will only keep information related to message properties related to dispositioning such as category, status, or priority and timestamps. This option is used to delete everything that isn't needed for Dashboard reports.
- Message Body and Details Retention This option will remove the entire raw message, including body, headers, email addresses, and attachments. This option is used to drop private information that may be found in the body from our serves. This option will only keep information related to message properties, actions, labels, and rules.
- Retention Period
- Enter the number of Days, Months, or Years using the input field and drop-down. The minimum retention period is one day and the maximum retention period is ten years.
Once your Data Retention settings are configured, click the Save button.
Preferences
From the Preferences tab, you can enable the Password Protect Downloads setting. This setting allows you to set a password to protect the files and attachments that you download from reported messages.
To set a password, follow the steps below:
- Turn on the toggle to enable the Password Protect Downloads setting.
- In the Password field, enter a password that is at least six characters long.
- Click Update Password.
When this setting is enabled, all original email files and attachments that you download from the Message Details page will be converted to password-protected ZIP files. To download a file or attachment from the Message Details page, you can click either the Download Original Email button or the download icon next to the attachment name.
Security Roles
To create new Security Roles, add KMSAT users to PhishER, and assign security roles and PhishER access to users in your PhishER platform, navigate to PhishER > Settings > Security Roles. Here, you will see two sections: Users and Roles.
Users
To add a new user to the PhishER console, follow the steps below:
- Click the Add New User button.
- Enter the KMSAT email address of the user you want to add.
- Click Add.
Once you have successfully added the desired user, you can grant them PhishER access by clicking the Actions button. From the Actions button, you can also Revoke PhishER Access and update the Security Roles for that specific user.
In the Update Assigned Security Roles window, you will get a suggested list of filters as you start typing in the text field.
Roles
To create a new Security Role, follow the steps below:
- Click the Add New Role button.
- Name the security role.
- Select whether this security role will grant Limited or Full access to the following sections of PhishER. In each dropdown, you will see the different access areas depending on Limited or Full access:
RoomsLimited:
- Users can access the Inbox, Reports, and Dashboard pages
- Users can use the Search bar
Full:- Users can save a query to a Room from the Inbox
- Users can delete a Room
InboxLimited:- Users can view the Inbox
- Users can access the Message Details if the Inbox Message Details Access box is checked
Full:- Users can use the Rule Replay option
- Users can send emails
- Users can set the Category, Status, and Priority fields
- Users can access the Message Details if the Inbox Message Details Access box is checked
RulesLimited:- Users can view Rules
- Users can access the Allow Rule Replay button if Allow Rule Replay box is checked
Full:- Users can create Rules
- Users can update Rules including updating Tags, the target email, YARA rules, the name of a Rule, and the description of a Rule
- Users can delete, disable, or enable Rules
- Users can preview Rules
- Users can access the Allow Rule Replay button if Allow Rule Replay box is checked
ActionsLimited:- Users can view and save the order of Quick Actions and Actions
Full:- Users can edit, view, create, update, delete, save the order, and run Quick Actions and Actions
PhishRIPLimited:- Users can view PhishRIP Messages, PhishRIP Queries, and Message Details
- Users can use the Search bar
- Users can access the Message Details if the PhishRIP Message Details Access box is checked
Full:- Users can view PhishRIP Messages, PhishRIP Queries, and Message Details
- Users can use the Search bar
- Users can send emails
- Users can quarantine, restore, delete, and set fields for Status and Resolution
- Users can access the PhishFlip option to create KMSAT Phishing Templates and campaigns
- Users can access the Message Details if the PhishRIP Message Details Access box is checked
BlocklistLimited:- Users can view the Blocklist
- Users can filter the Blocklist
Full:- Users can view, create, and delate Blocklist entries
- Users can filter the Blocklist
SettingsLimited:- Users can view the reporting email, email server, Data Retention, VirusTotal, PhishML, and PhishRIP
- Users can view Email Templates
- Users can view Syslog integration information
Full:- Users can edit, view, and update the reporting email, email server, Data Retention, VirusTotal, PhishML, and PhishRIP
- Users can edit, view, create, update, and delete Email Templates
- Users can edit, view, create, update, and delete Syslog integration information
- Add tags into the Tag Limitation field. This field ensures that users in that specific Security Role can only see messages that contain the added tags. This tag limitation will apply to the Dashboard, Inbox, Rooms, and Reports.
- Select the Set As Default Security Role checkbox to apply this security role to all users and newly added users.
- Click Save.
Once you have successfully created a Security Role, you can begin to add the role to the Users that you added to your PhishER console from the Users page.
Integrations
PhishER supports third-party integration with VirusTotal, Syslog, and the KnowBe4 Security Awareness Console. Navigate to PhishER > Settings > Integrations to configure integration settings for your PhishER platform. Here, you will see four sections: VirusTotal, Syslog, Webhooks, and the KMSAT Console.
Mail Servers
The Mail Servers tab allows you to connect and manage your Microsoft 365 and Google Workspace mail server instances in a single location. After you connect your mail server instances on this tab, you can enable PhishRIP or PhishER Blocklist features in your platform.
Once you connect a mail server to a feature on your PhishER platform, you can edit and test the connection. If you update a mail server instance, the instance will automatically update across your PhishER platform. You can also connect mail servers from the Blocklist or PhishRIP tabs in your PhishER Settings.
To learn how to connect and manage mail servers, see the subsections below.
Connecting a Microsoft 365 Mail Server
To connect a new Microsoft 365 mail server instance, follow the steps below:
- Log in to your PhishER platform.
- Navigate to PhishER > Settings > Mail Servers.
- If you would like to connect to PhishRIP, click New PhishRIP Connection and follow the steps in the Enabling for Microsoft 365 section of our How to Use PhishRIP article. If you would like to connect to the PhishER Blocklist, click New Blocklist Connection and follow the steps in the Blocklist section.
Connecting a Google Workspace Mail Server
To connect a new Google Workspace mail server instance, follow the steps below:
- Log in to your PhishER platform.
- Navigate to PhishER > Settings > Mail Servers.
- Click the New PhishRIP Connection button and follow the steps in the Enabling for Google Workspace section of our How to Use PhishRIP article.
Managing Your Mail Servers
Once you connect mail server instances, they will display on the Mail Servers page. When you edit or delete a mail server instance, the updated information will display automatically across your PhishER platform. If you disconnect an instance, it will display on the Mail Servers page until you delete it or reconnect it.
To learn more about the Mail Servers page, see the screenshot and list below.
a. New PhishRIP Connection and New Blocklist Connection: You can click these buttons to add a new mail server instance or reconnect a disconnected instance. For more information about connecting an instance, see the above subsections of this article.
b. Pencil icon: You can click this icon to customize the name of a mail server instance.
c. Test PhishRIP Connection and Test Blocklist Connection: You can click these links to confirm that a mail server is connected to your PhishER platform. The date and time when the connection was successfully tested will display next to the link.
d. Disconnect PhishRIP and Disconnect Blocklist: You can click these buttons to disconnect a mail server from a PhishER feature.
e. Trashcan icon: You can click this icon to delete a disconnected mail server instance.
Blocklist
The Blocklist tab allows you to enable the PhishER Blocklist feature, which helps your mail server prevent malicious or spam emails from reaching your users’ inboxes. With this feature, you can block emails from specific senders, domains, URLs, and file hashes.
To enable your blocklist, follow the steps below:
- Log in to your PhishER platform.
- Navigate to PhishER > Settings > Blocklist.
- Click on the Connect to Microsoft 365 button. This button will take you to the Microsoft login page.
- Once logged in, the Permissions requested Accept for your organization window will display (click to view). Once you've read the permissions, click the Accept button.
- Turn on the toggle button next to Disabled.
- From the Blocklist Entry Duration drop-down menu, select the amount of time that you would like entries to remain on your blocklist. A duration of 30 days is selected by default.
- Click Save.
When the PhishER blocklist is enabled, a block icon will display in the navigation panel on the left side of your PhishER platform (click to view). You can click this icon to access your blocklist.
After you enable the PhishER blocklist, you will need to assign the Exchange Administrator role to authenticate the PhishER Blocklist application.
To assign role permissions, follow the steps below:
- Log in to your Microsoft 365 account using your admin credentials.
- Navigate to Azure Active Directory > Azure AD roles and administrators.
- Select the Exchange Administrator role and click Add assignments.
- In the search bar, enter "PhishER Blocklist" and click Add to assign the Exchange Administrator role to the PhishER Blocklist application.
Once you’ve enabled the PhishER blocklist, you can add and manage blocklist entries. For more information about using your blocklist, see our How to Use the PhishER Blocklist article.
VirusTotal
VirusTotal is a service that inspects and analyzes files for malicious content. A VirusTotal scan is completed using over 70 antivirus scanners. If a file is submitted for a VirusTotal scan, the results will be shared publicly in the VirusTotal community. This is to spread awareness of verified malicious content.
The VirusTotal Public API (free version) is limited to 500 requests per day and 4 requests per minute when conducting a scan in your PhishER platform. Please visit here for more information.
For a list of KnowBe4 domains that should not be sent as links or attachments to VirusTotal, please click here.
How to Integrate VirusTotal
To integrate your VirusTotal account with PhishER, you must have an active VirusTotal license key. If you do not have a VirusTotal account, you can join their Community for free here. Integrating your VirusTotal account with PhishER will enable you to run a VirusTotal scan on message attachments and URLs.
As part of the VirusTotal integration, you will have the option to enable and configure VirusTotal Automatic scanning for your platform. If automatic scanning is enabled, VirusTotal will automatically be sent a hash of all attachments and/or URLs received by your PhishER inbox.
- Enter your VirusTotal key
- Retrieve your VirusTotal key from VirusTotal and add it to the Enter your VirusTotal key field. Then, toggle the Enabled button.
- VirusTotal Automatic Scanning (optional)
- Automatically scan ALL Attachments (Hashes Only) VirusTotal will automatically be sent a hash of all attachments received by your PhishER inbox. Click on the toggle button to enable this setting.
- Automatically scan ALL URLs VirusTotal will automatically be sent all URLs received by your PhishER inbox. Click on the toggle button to enable this setting.
- Timeout if no response (seconds) Set a custom timeout window for your VirusTotal scan results. If VirusTotal does not return scan results within this allotted time frame, a VT_Bypassed tag will be applied to the corresponding message. By default, the timeout window is 120 seconds.
- Ignored Domains
- Enter the domains that you would like VirusTotal to ignore when performing a scan. Make sure to add each new domain as a new line in the text box. Adding a new domain to this list will also exclude all subdomains. However, adding a subdomain will not exclude the domain. Note: Wildcards (*) and URI are not supported.
Once your VirusTotal key is added and your automatic scan settings are configured, click the Save button.
VirusTotal Tags
A VirusTotal scan will apply one or more of the following tags to your email(s):
VirusTotal Tags |
|
Tag | Description |
VT_Pending | The tag added to your message when a VirusTotal scan is queued. This tag will be removed when the scan is completed. |
VT_Bad | The tag added to your message when a VirusTotal scan determines the scanned attachment to be malicious. |
VT_Scanned | The tag added to your message when a VirusTotal scan is completed and not determined to be malicious. |
VT_Bypassed |
The tag added to your message when a VirusTotal scan times out (it is common for this tag to display with additional VirusTotal tags). You can set a custom timeout window under your VirusTotal Automatic Scanning settings. Note: If a VirusTotal timeout occurs, PhishER will still wait for your VirusTotal results to return. However, automated actions will not run against the item being scanned by VirusTotal. |
VT_Hash_not_found | The tag added to your message when a VirusTotal scan doesn’t return a match for the hash. |
VT_Ignored | The tag added to your message when URLs and/or domains found on your whitelist are detected on a message. |
A message with multiple attachments may have multiple VT tags, as not all scans complete at the same time or have the same results.
Syslog
The Syslog integration option can be used to log when actions are triggered in your PhishER platform. To add a Syslog, click on the New Syslog button in the top-right. This will open the Add Syslog Settings window.
- Name Custom name you would like to assign your Syslog server.
- Protocol Select one of the following protocols from the drop-down: TCP, UDP, TLS, or TLS_INSECURE.
- Host Enter the host IP address of your Syslog server.
- Port Enter the port number of your Syslog server.
- Format Select one of the following Syslog output formats from the drop-down: JSON, CEF, or LEEF.
Integrate a Syslog server with PhishER by configuring the settings shown above and then clicking the Create button. Syslog integration will allow your organization to track and log events that take place in your PhishER platform. You have the option to add as many Syslog servers as you'd like.
If you select the Send to Syslog option under the Choose how you would like to report this action section when creating a PhishER action, a drop-down will appear. This drop-down will list all of the Syslog servers you have integrated with PhishER from the Integrations screen.
Syslog Output Formats
During your Syslog integration with PhishER, you can select one of the following output formats for your Syslog reports: JSON, CEF, or LEEF. Click on the drop-down below to see an example output for each format.
Example JSON Output:
{
"receivedAt":"2019-05-20T17:39:43.351851Z",
"reportedAt":"2019-05-20T17:39:39Z",
"sender":"sender@yourDomain.com",
"reporter":"reporter@yourDomain.com",
"subject":"JSON Syslog Example",
"priority":"medium",
"category":"spam",
"status":"received",
"action":"Action 1",
"tags":"TagSet"
"permalink":"[[Unique URL]]"
}
JSON Attributes |
|
Name | Meaning |
receivedAt | The date and time of when the message was received by the PhishER inbox. Date and Time Format: yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z' |
reportedAt | The date and time of when the message was reported by a user. Date and Time Format: yyyy-MM-dd'T'HH:mm:ss.SS'Z' |
sender | The email address associated with the original source of the message. |
reporter | The email address of the user who reported the message. |
subject | The text found in the Subject line of the original message. |
priority | A message can be evaluated as having a low, medium, high, critical, or unknown priority. |
category | A message can be categorized by your PhishER inbox in one of four ways: clean, spam, threat, or unknown. |
status | The current state of PhishER analysis a message is in. A message can have a status of received, in review, or resolved. |
action | The name of the PhishER action that triggered this report. |
tags | A label attached to the message based on the message's attributes. |
permalink | A URL specific to the individual message in your PhishER inbox. |
Example CEF Output:
start=1543962447998
rt=1543962447998
duser=destUserName@yourDomain.com
suser=sourceUserName@yourDomain.com
cat=unknown
act=Action1
cs2Label=Status cs2=received
cs3Label=Subject cs3=CEF Syslog Example
cs4Label=Tags cs4=TagSet
cs6Label=Permalink cs6=[[Unique URL]]
CEF Attributes |
|
Name | Meaning |
start | The date and time of when the message was received by the PhishER inbox. The date and time are represented in milliseconds. |
rt | The date and time of when the message was reported by a user. The date and time are represented in milliseconds. |
duser | Destination user, or the email address of the user who reported the message. |
suser | Source user, or the email address associated with the original source of the message. |
cat | The name of the PhishER category the message belongs to. A message can be categorized by your PhishER inbox in one of four ways: clean, spam, threat, or unknown. |
act | The name of the PhishER action that triggered this report. |
cs2Label=Status | The current state of PhishER analysis a message is in. A message can have a status of received, in review, or resolved. |
cs3Label=Subject | The text found in the Subject line of the original message. |
cs4Label=Tags | A label attached to the message based on the message's attributes. |
cs6Label=Permalink | A URL specific to the individual message in your PhishER inbox. |
Example LEEF Output:
start=1541008403775
rt=1541009403775
duser=destUserName@yourDomain.com
usrName=userName@yourDomain.com
cat=Threat
act=Test Action
cs2Label=Status cs2=Pending
cs3Label=Priority cs3=High
cs4Label=Subject cs4=Testing Email
cs5Label=Tags cs5=Tag1,Tag2
cs6Label=Permalink cs6=[[Unique URL]]
LEEF Attributes |
|
Name | Meaning |
start | The date and time of when the message was received by the PhishER inbox. The date and time are represented in milliseconds. |
rt | The date and time of when the message was reported by a user. The date and time are represented in milliseconds. |
duser | Destination user, or the email address of the user who reported the message. |
usrName | User name, or the email address associated with the original source of the message. |
cat | The name of the PhishER category the message belongs to. A message can be categorized by your PhishER inbox in one of four ways: clean, spam, threat, or unknown. |
act | The name of the PhishER action that triggered this report. |
cs2Label=Status | The current state of PhishER analysis a message is in. A message can have a status of pending, received, in review, or resolved. |
cs3Label=Priority | A message can be evaluated as having a low, medium, high, critical, or unknown priority. |
cs4Label=Subject | The text found in the Subject line of the original message. |
cs5Label=Tags | A label attached to the message based on the message's attributes. |
cs6Label=Permalink | The URL specific to the individual message in your PhishER inbox. |
Webhooks
Webhooks, also known as an HTTP push API, is a way for an app to provide other applications with real-time information. You will be able to receive a callback based on an Action that is attached to a message.
To add a webhook, click on the New Webhook button at the top of the page. This will open the Add Webhook Settings window.
- Name Custom name that you want to add to your Webhook.
- URL Enter the URL that you are trying to callback to. For a list of URL rewriters and shorteners that are compatible with PhishER, see our PhishER FAQ article.
- Authorization Select one of the following protocols from the drop-down: No Auth, API Key, Bearer Token, or Basic Auth.
- Available Data Select one of the following types of data that you would like to send to the Webhook: Raw, Body (HTML), Links, Bad Links, Tags, PhishML, Headers, Body (Text), Attachments, Bad Attachments, Message Details, VirusTotal, and Addresses. The Addresses data type will include all email addresses, such as from, to, cc, reply to, and reported by, in the Webhook payload.
- Custom Data Enter any custom keys or values.
- Custom Headers Enter any custom keys or values.
- Message Tags Select whether this webhook will receive a Success or Failure tag.
Create a Webhook from the PhishER server by configuring the settings shown above and then clicking the Create button. The webhook will allow your organization to send the selected information to your desired app.
If you click on an existing Webhook, you will be able to update the webhook information or delete that webhook with the Delete Webhook button at the top of the window.
Under Actions, you can now select the Send to Webhooks option to send the reported messages that are related to that Action.
When that Action is triggered, you can click on the message in the Inbox and view which Webhook the message is being directed to.
Cyren Inbox Security (CIS)
When using Cyren Inbox Security (CIS), you have the option to send scanned or reported emails to your PhishER platform. For more information about this feature see our Cyren Inbox Security (CIS) Integration article.
KMSAT Console
If you have a Platinum or Diamond level subscription, the KMSAT integration option can be used to see the following events on your Users' Timelines:
- The disposition of the emails reported by your users when they use the Phish Alert Button.
- The disposition and location of a message that has been quarantined by PhishRIP.
To integrate your KMSAT Console with PhishER, you must retrieve your KnowBe4 User Event API token from the User Event API section of your Account Settings. Entering your KMSAT Console token into the field shown below enables the Send to KMSAT option when creating a new Action.
When the Action is triggered, the event shows the disposition of reported emails on the Users' Timeline.
When the Automatically send PhishRIP Events to KMSAT Console toggle is enabled, when a message is quarantined by PhishRIP, the event will show the disposition and the location that message was found in their mailbox.
You must have PhishRIP enabled in order to use the Automatically send PhishRIP Events to KMSAT Console integration feature. Leaving the Automatically send PhishRIP Events to KMSAT Console toggle disabled will not prevent you from seeing the disposition of reported emails on your User's Timeline.
You can filter which type of PhishRIP events you would like to send to KMSAT based on the following sources of the PhishRIP query:
- Clean
- Spam
- Threat
- Unknown
Once you have entered the KMSAT Console token, click the Save button to integrate PhishER with your KMSAT Console.
KnowBe4 Labs
In the KnowBe4 Labs section, you can view and manage PhishER add-on features. For more information about each of the KnowBe4 Labs tabs, see the subsections below.
PhishML
The PhishML tab allows you to enable PhishML, a PhishER machine-learning module that analyzes messages forwarded to your PhishER platform. PhishML generates three confidence values for each analyzed message. These three values represent the percentage of certainty that a message is clean, spam, or a threat. You can view a message's confidence values from the Action tab of the Message Details page (click to view).
To enable PhishML on your PhishER platform, click the PhishML Enabled toggle. Once PhishML is enabled, you can set a custom Confidence Threshold value for each category (clean, spam, and threat). PhishML's confidence values must meet or exceed the active threshold values in order for a message to be tagged as clean, spam, or a threat.
For more information, see our How to Use PhishML article.
PhishRIP
The PhishRIP tab allows you to enable the PhishRIP feature. PhishRIP is a PhishER email quarantine feature that allows your organization to search for user-reported emails across all the inboxes associated with your Microsoft 365 or Google Workspace instances. Using PhishRIP, you can prevent active phishing attacks by removing potential email threats from your users' inboxes.
Once PhishRIP is enabled in your PhishER platform, a fishbone icon will display in the navigation panel on the left (click to view). Click on this icon to access PhishRIP.
You can use PhishRIP with more than one instance. To connect another instance, click Add new connection after saving your settings. You can also customize the name of a mail server instance by clicking the edit icon next to the name. For more information, see our How to Use PhishRIP article.
Comments
0 comments
Article is closed for comments.