Threat Inbox
Read this article in: German, English
Threat Inbox is the new investigation hub for all reports made via the Phishing Report Button.
In one place you can filter, review, and classify reported emails. You can see who reported it, when, what the sender details were, attachments, links, and even header info, all without switching tools.
When the threat is resolved, feedback can be sent back to the employee who reported it, reinforcing the right behaviour and keeping that feedback loop alive.
Overview
Main page
To access this page, navigate to Phishing Report Button / Threat Inbox in the Manager.
Here you will find your reports show up as they are submitted via the Phishing Report Button.
Filtering
You can use the following filters on the left side of the main Threat Inbox page:
All | See all reports regardless of their status. |
|---|---|
Open | See all incoming reports that are not yet resolved. |
Incidents | See all open reports reported as an Incident (only if you have Incident Reporting activated). |
Attachments | See all open reports with attachments. |
Links | See all open reports with links. |
Resolved | See all reports that have been resolved. |
Detail view
Basic details & content
See key details and the email content.
Links
See and copy links.
Attachments
See attachment details and copy the file hash.
Headers
See all of the email’s headers.
Resolving a report
When you select Resolve in the Threat Inbox overview, you will be taken to a small dialog window (see above) where you can classify the email report and optionally send a feedback email to the reporter. Each classification category is connected to a unique feedback email tailored to respond to the reporter in the appropriate manner. By default, the feedback email will be sent automatically once you select Resolve and send feedback. Should you not wish to send any feedback, simply deselect the checkbox Send feedback email to reporter.
FAQ
How do I get access to Threat Inbox?
Threat Inbox is only available to Premium and above tiers, as well as those who have the Phishing Reporting Button enabled. To access Threat Inbox, head over to the main navigation menu on the left of the SoSafe manager, and navigate to Phishing Reporting Button / Threat Inbox. If Threat Inbox is activated, you will see your reports ready to be analyzed. If it is not yet activated, you will have the option to do so right on that page:
What do the feedback emails look like?
There are four feedback emails, each unique to the classification category that you can see when you resolve a report. They are ‘Non-Malicious’, ‘Phishing’, ‘Spear Phishing’ and ‘Spam’. These are sent automatically when you classify and resolve an email, unless you uncheck the Send feedback email to Reporter checkbox in the dialog window that appears then you want to resolve a report. Please note that these feedback emails can be previewed via the Preview feedback email button on the main Threat Inbox page, where you will note that each email will contain your company’s logo.
Does Threat Inbox affect the experience of using the Phishing Report Button?
No, not at all. The Phishing Report Button functions exactly the same as it would if Threat Inbox was not activated. However, experience shows that closing the loop via feedback emails encourages secure behavior, making the Phishing Report Button even more effective over time.
I don't need Threat Inbox, how do I setup my Jira or ServiceNow integration?
Threat Inbox is a quick and easy tool to hit the ground running with your report investigations. But it may be the case that you have your own tool (such as Jira or ServiceNow) that would you prefer to use. Simple navigate to Settings / Integrations in the Manager, where you will be able to quickly set yourself up.