Overview
Intezer's Automated Phishing Investigation allows security teams to automate the analysis and classification of suspected phishing emails reported by employees or flagged by security solutions. It parses raw email data, scans attachments, analyzes URLs, and uses Large Language Models (LLMs) to detect phishing manipulations within the email body (coming soon). Key outputs include the verdict, risk evaluation, and recommended next steps, which help teams resolve issues faster.
How to Submit Phishing Emails for Investigation
There are three ways to submit emails for automated phishing analysis:
- Dedicated Mailbox: Set up a dedicated mailbox and forward all suspected phishing emails to this endpoint.
- API or Python SDK: Submit raw phishing emails (.msg or .eml) directly through our API or via the Python SDK.
- SOAR Integrations: Submit the suspicious email via Intezer’s SOAR integrations (Splunk SOAR, XSOAR, Chronicle SOAR, Microsoft Sentinel, ...).
View Investigation Results
The automated phishing email analysis results are displayed on the "Ingested Alerts" page. For each email, Intezer provides automated triage information, including a risk classification, a verdict, and the recommended actions. These results can also be retrieved using the API, Python SDK, webhook, or SOAR integration.
This allows security teams to easily integrate the results of Intezer's automated phishing investigation into their workflow and existing processes.
Setting Up A Dedicated Mailbox
To set up a dedicated mailbox for forwarding suspected phishing emails, contact Intezer Support at support@intezer.com and request a dedicated mailbox. Once it is set up, all suspected phishing emails forwarded to this mailbox will be automatically ingested by Intezer.
Setting Up "Report Phishing" Button in Office 365
Office 365 users can use the Report Phishing add-in, which adds a "Report Phishing" button to Outlook. Employees can use the button to send suspicious emails to the dedicated mailbox and delete the message.
Key Benefits
This feature saves security teams substantial time by automating the analysis and triage process. Instead of manually investigating each suspected phishing email, security personnel can rely on the comprehensive report prepared by Intezer’s automated phishing investigation feature, freeing them to focus on higher-level decision-making and strategic responses to any detected phishing threats.