Phish Focus : Automation Rules

Joane Bonghanoy
Updated

This article takes you through the automation rules that a Phriendly Phishing Admin can setup when emails are sent to Phish Focus Inbox. 

 Important Notes :

  • Automation Rules apply to emails based on their scan results (Clean, Threat, Undetermined). This allows the system to automatically action emails in the workflow and respond to Learners with immediate feedback.
  • If all the automation rules are disabled, Phish Focus will use the default rules below for all incoming messages. 
    AR1.png

How to Create the Rules

  1. In Phriendly Phishing platform, click AR2.png. 
  2. Once logged in to Phish Focus, go to Automation Rules and click the Rule Name you want to edit. 
    AR3.png
  3. Within the Rule Name enter Rule Information as required. AR4.png
  4. Under Rule details, there are 3 things Admins has visibility or permission to edit.
    1. Details how the rule is triggered and this cannot be modified. AR5.png
    2. Details what actions are taken for messages received. AR6.png
      1. Under Message Details, Admins can Set status, Set priority, Set category
        AR7.pngAR8.pngAR9.png
      2. Admins can Enable Phish Clear from here for this rule only. PC2.png PC3.png
      3. Admins can Enable Block List from here for this rule only. BL1.png
    3. Modify the email response that is sent to the reporter and / or SOC Team. Proceed to How to create or set-up the Email Response template
      AR10.png AR11.png

How to create or set-up the Email Response template

There are 2 types of Email Responses Admins can set-up when creating or editing an Automation Rule:

  1. Response to user 
  2. Forwarded reported email  

Response to user

  • If AR12.png is checked, the system sends a notification email to the reporter when the actions are done on the matching-condition-email.
  • If AR13.png is unchecked, the system does not send any notification emails once the action is done.
  • Click AR14.png to modify or check below fields:
    1. From 
      AR15.png
      1. From = email address for sending email from Phish Focus. This field is Read only and there is only one account used for all emails.
      2. From Name = this is required and can be edited
    2. Subject 
      AR16.png
    3. Email content = this is auto populated with the default value, but the email content can be modified prior to sending 
      AR17.png

Forwarded reported email

  • If AR12.png is checked, the system sends a notification email to the pre-defined email list of IT / SOC specialists when the actions are done on the matching-condition email. This also forwards the original email as an attachment for the IT / SOC specialist to review, analyze and action.
  • If AR13.png is unchecked, the system does not send notification emails once the action is done.
  • Click AR14.png to modify below fields:
    1. From 
      AR15.png
      1. From = email address for sending email from Phish Focus. This field is Read only and there is only one account used for all emails.
      2. From Name = this is required and can be edited
    2. To = accepts multiple email addresses, hit Enter to validate the address. 
    3. CC = accepts multiple email addresses and is not a required field. AR19.png
    4. Subject 
      AR16.png
    5. Email Content = This is auto-populated with the default value, but the email content can be modified prior to sending 
      AR18.png

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.