Threat Inbox
Read this article in: Deutsch
Threat Inbox is the new investigation hub for all reports made via the Phishing Report Button.
In one place you can filter, review, and classify reported emails. You can see who reported it, when, what the sender details were, attachments, links, and even header info, all without switching tools.
When the threat is resolved, feedback can be sent back to the employee who reported it, reinforcing the right behaviour and keeping that feedback loop alive.
Overview
Main page
To access this page, navigate to Phishing Report Button / Threat Inbox in the Manager.
Here you will find your reports show up as they are submitted via the Phishing Report Button.
Filtering
You can use the following filters on the left side of the main Threat Inbox page:
All | See all reports regardless of their status. |
|---|---|
Open | See all incoming reports that are not yet resolved. |
Incidents | See all open reports reported as an Incident (only if you have Incident Reporting activated). |
Attachments | See all open reports with attachments. |
Links | See all open reports with links. |
Resolved | See all reports that have been resolved. |
Detail view
Basic details & content
Review key details and the email content
Attachments
Review attachment details and copy the file hash
Links
Review and copy links
Headers
Review all of the email’s headers
Resolving a report
When you select Resolve in the Threat Inbox E-Mail overview, a dialog window opens where you classify the email report and optionally send feedback to the reporter. Each classification links to a unique feedback email tailored to respond appropriately. By default, the feedback email sends automatically when you select Resolve and send feedback. To skip sending feedback, deselect the Send feedback email to reporter checkbox.
How do I get access to Threat Inbox?
Threat Inbox is only available to Premium and above tiers, as well as those who have the Phishing Reporting Button enabled. To access Threat Inbox, head over to the main navigation menu on the left of the SoSafe manager, and navigate to Phishing Reporting Button / Threat Inbox. If Threat Inbox is activated, you will see your reports ready to be analyzed. If it is not yet activated, you will have the option to do so right on that page:
What do the feedback emails look like?
There are four feedback emails, each unique to the classification category that you can see when you resolve a report. They are ‘Non-Malicious’, ‘Phishing’, ‘Spear Phishing’ and ‘Spam’. These are sent automatically when you classify and resolve an email, unless you uncheck the Send feedback email to Reporter checkbox in the dialog window that appears then you want to resolve a report. Please note that these feedback emails can be previewed via the Preview feedback email button on the main Threat Inbox page, where you will note that each email will contain your company’s logo.
Does Threat Inbox affect the experience of using the Phishing Report Button?
No, not at all. The Phishing Report Button functions exactly the same as it would if Threat Inbox was not activated. However, experience shows that closing the loop via feedback emails encourages secure behavior, making the Phishing Report Button even more effective over time.
I don't need Threat Inbox, how do I setup my Jira or ServiceNow integration?
Threat Inbox is a quick and easy tool to hit the ground running with your report investigations. But it may be the case that you have your own tool (such as Jira or ServiceNow) that would you prefer to use. Simple navigate to Settings / Integrations in the Manager, where you will be able to quickly set yourself up.