Custom PhishRIP Queries

Répondu

Commentaires

3 commentaires

  • Avatar
    Walter Nelson

    Hi Sheila,

    Thank you for posting on our community board. I believe this to be a great improvement to our product. I have gone ahead and submitted this as a feature request to our development team. Hopefully, they will be able to get this implemented!

    0
    Actions pour les commentaires Permalien
  • Avatar
    Jon Walters

    I've run into this too.  If someone forwards an email to our email address that forwards to PhishER and that message is actually a Threat, I cannot create a PhishRIP query.  When I try to create it, I cannot change the sender's email address to the original sender of the malicious message.  It wants to stay with the address/domain of the person who forwarded the message which is worthless for PhishRIP.

    0
    Actions pour les commentaires Permalien
  • Avatar
    Christian Nostrom

    Hello Jon,

    Thanks for your post to the community board today.  The search criteria in a PhishRIP must be a substring of the original email.  PhishRIP can only search in mailboxes tied to M365 that you set up in your PhishER settings. Unfortunately that field doesn't allow other domains to be included because PhishRIP doesn't have the permissions to search in those mailboxes. 

    The user will need to use the PAB or attach the original email as a .eml in the forward.  Since the user forwarded the email the sender has become the reporter.  You will not be able to change to a different domain from the original sender.  If it is reported using the PAB or forwarded as a .eml it should work as expected.

    Thanks,

    0
    Actions pour les commentaires Permalien

Vous devez vous connecter pour laisser un commentaire.