Phish Focus : Threat Analysis

Joane Bonghanoy
Updated

This article takes you through Threat Analysis, an enhanced new feature within our Phish Focus solution. 

Benefits to Security Team and / or Phriendly Phishing Administrator

  1. This feature assists in automatically identifying potential threats in user reported emails.

  2. A single place from within the Phish Focus solution displaying the results of automatic checks against multiple resources or services. 

  3. Analysis of reported emails and calculation of score based on separate services. 

This article answers below questions:

  1. How are the reported emails analysed and processed?
  2. What information in the email are being scanned or analysed by scanning services?
  3. Where can I find the Threat Analysis results?
  4. What are the required actions based on the Threat Analysis results?
  5. Where can I find the message details of the Threat Analysis results?

How are the Reported Emails analysed and processed?

What information in the email are being Scanned or Analysed by scanning services?

  • IP Addresses (IPv4, IPv6) of all servers the email came through
  • DNS Names of all servers the email came through
  • Email Addresses of the email and the envelope senders
  • Email Addresses within the email body
  • URLs within the email body including those found in the email text, images, styles, scripts
  • Attachments
  • Email body and subject

Where can I find the Threat Analysis results?

  1. Click Phish Focus from your Phriendly Phishing Dashboard.
  2. Go to Inbox, Threat Analysis column.
  3. Below are the threat scores, its colour varies based off the value: ThreatScore.png
  4. Threat Analysis can be filtered, 
    TA.png

What are the required actions based on the Threat Analysis results?

Threat Score Threat Label Colour Action Required

0

No threat

blue

 It does not pose as an immediate threat, although vigilance is still required. 

50

Undetermined

orange

 This requires attention and an action to mitigate potential threats.  Please be cautious of suspicious emails or links.

70

Threat detected

red

 Threat is detected and demands immediate action. 

100

Threat detected

red

Threat is detected and demands immediate action.

High Priority emails should be deleted from the reporter's Inbox.
Reporter needs to be informed if sensitive information is involved. 

Where can I find the message details of the Threat Analysis results?

  1. In the Inbox, click on an email.
  2. Once clicked, it then takes you to the Message Details.
  3. Click on Analysis Summary and Scan Results. Refer to below screenshots, on what the message details look like dependent on the Threat label. 
  • THREAT DETECTED
  • THREAT DETECTED
  • UNDETERMINED
  • NO THREAT

Related to

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.