PhishER Glossary Terms

The below glossary will provide a description of common terms used throughout the PhishER platform.

JUMP TO:
A - C - D - E - L - M - P -  Q - R - S -  T - V - Y

 

A

 

Absolute

An obfuscation type for Data Retention. This option will permanently delete all records of a PhishER message. This will include the entire raw message as well as any data enrichment, labels, rules, and actions triggered.

 

Action

A custom instruction of how a message should be handled or processed in PhishER. Visit our PhishER Product Manual article for more information.

 

C

 

Category

The grouping of messages based on disposition. A message can be categorized or dispositioned in one of four ways: Clean, Spam, Threat, or Unknown.

 

Clean

A disposition category that contains messages from your PhishER inbox that were determined to be safe or non-threatening.

 

Confidence

In terms of PhishML, the percentage of certainty that a message is clean, spam, or a threat.

 

Custom Rules

Rules your organization creates from scratch using the PhishER Rule Editor.

 

D

 

Data Retention

The elapsed time since a message was reported by a user. Visit our PhishER Settings article for more information.

 

Disposition

Categorizing a message in one of four ways: Clean, Spam, Threat, or Unknown. Each message starts out as being Unknown until further analysis determines otherwise.

 

E

 

Email Template

A custom message that can be sent when a specific action is manually run or automatically triggered. You can create an email template using the Email Template Editor.

 

Emergency Rooms

A dynamic grouping of messages by a commonality that may help to identify a trend or potential threat in your inbox, or a filtered view. Visit our PhishER Product Manual article for more information.

 

L

 

Limited

An obfuscation type for Data Retention. This option will remove the entire raw PhishER message. Rules, actions, labels, and message properties will remain visible.

 

Lucene

A query language that can be used to filter messages in your PhishER inbox. Visit our How to Use Lucene Query Syntax article for more information.

 

M

 

Matched Count

The number of times a specific rule has matched a message in your PhishER inbox.

 

P

 

PhishML

A PhishER machine-learning module that analyzes messages forwarded to your PhishER platform. Following analysis, PhishML generates three confidence values for each message. These three values represent the percentage of certainty that a message is clean, spam, or a threat. PhishML is constantly learning based on the messages that are tagged by members of the PhishER user community. This approach means that the learning model is constantly provided with new data to improve its accuracy. A higher accuracy allows more messages to be automatically prioritized or dispositioned via Rules and Actions.

 

Preview Rule

The option to preview how a YARA rule would affect messages in your PhishER inbox. Visit our How Do I Create a Rule and Action in PhishER article for more information.

 

Priority

Indicates how urgent the review of a message may be due to the potential of it having malicious content. A message can be evaluated as having a Low, Medium, High, Critical, or Unknown priority. The priority of a message is originally determined by the rules and actions put in place by your organization, but an admin has the option to change the priority of a message at any moment.

 

Q

 

QuickActions

A custom group of frequently used actions that you can add to the QuickActions bar of your PhishER inbox for quick accessibility. Visit our How Do I Create a Rule and Action in PhishER article for more information.

 

R

 

Reporting Emails

All of the email addresses tied to your PhishER platform. Your reporting emails will be used to forward user-reported messages to your PhishER inbox.

 

Retention Period

The custom time span of how long you would like PhishER to store your messages. The minimum retention period is one day and the maximum retention period is ten years.

 

Rule

A logical expression used to disposition emails forwarded to the PhishER inbox. There are two types of rules: Custom Rules and System Rules.

 

Rule Editor

The text area you can use to write the logic of your YARA Rule. PhishER rules will only follow YARA Rule logic to disposition emails.

 

Rule Target

When creating a rule, the part of the message you would like the rule to be applied to or run against. There are four targets you may choose from: Raw, Headers, Body, or Attachments. By default, the rule will have Raw set as the target.

 

S

 

Saved Queries

A filtered view set to display all custom queries created from the PhishER inbox screen. Visit our How to Create a PhishER Room article for more information.

 

Spam

A disposition category that contains messages from your PhishER inbox that were determined to be unsolicited or unwanted. Spam mail is typically sent for marketing purposes and is often trying to sell you something, such as unwanted goods or services.

 

Status

The current state of PhishER analysis a message is in. A message can have a status of Received, In Review, or Resolved.

 

System Rules

A default set of rules provided by KnowBe4.

 

T

 

Tags

A label attached to a message based on the message's attributes. There is no limit to the number of tags a message can have. Tags can be automatically or manually assigned to a message.

 

Timestamps and Dispositioning only

An obfuscation type for Data Retention. This option will permanently delete all records of a PhishER message except for timestamps and message properties related to dispositioning.

 

Threat

A disposition category that contains messages from your PhishER inbox that were determined to be malicious or harmful.

 

Threshold

The minimum percentage of certainty PhishML must meet or exceed in order to tag a message as clean, spam, or a threat. By default, the threshold values are: Clean 95, Spam 95, and Threat 95.

 

Trigger Tags

All of the tags that will cause a specific action to automatically take place.

 

V

 

VirusTotal

VirusTotal is a service that inspects and analyzes files for malicious content. A VirusTotal scan is completed using over 70 antivirus scanners. If a file is submitted for a VirusTotal scan, the results will be shared publicly in the VirusTotal community. This is to spread awareness of verified malicious content. Visit here for more information.

 

Y

 

YARA

Yet Another Recursive/Ridiculous Acronym (YARA) is a tool used to identify and classify malware samples. YARA identifies and classifies malware based on custom rules created in your PhishER platform. A rule is a description based on textual or binary patterns.