
Starting a Manual Incident Investigation


Last updated 2 years ago

With the Manual Investigation feature, you can start an investigation using various filtering options. Using the criteria you select, you can find out whether other users have a suspicious email in their inbox.

The Incident Responder has an in-depth investigation process that takes less than a minute to find the suspicious emails.

To start a manual investigation, click Incident Responder > New Investigation.

Once you click the New Investigation button, you are taken to the Incident Investigation page.

When you press the Add a Filter button, you can customise your investigation query by filtering on any criteria that may appear in the header, body, or attachment information of an email, such as IP, from, to, URL, hash, and so on. See the picture below.

After you search the users' inboxes for the suspicious content using the filters you have chosen, you will see whether any other users have the same suspicious email.
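How filter criteria such as from, to, IP, URL and attachment hash map onto the parts of a message, as an added illustration in Python. This is not the Incident Responder's own code or API; the helper names, addresses and mailbox contents are constructed for the example.

```python
import hashlib
import re
from email.message import EmailMessage
from email.utils import getaddresses

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed relay IP in Received

def indicators(msg):
    """Collect the header, body and attachment values a filter can match on."""
    found = {"ip": set(), "url": set(), "hash": set()}
    for field in ("from", "to"):
        headers = [str(h) for h in msg.get_all(field, [])]
        found[field] = {addr.lower() for _, addr in getaddresses(headers)}
    for received in msg.get_all("Received", []):
        found["ip"].update(IP_RE.findall(str(received)))
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():  # attachment: match on content hash, not file name
            found["hash"].add(hashlib.sha256(part.get_payload(decode=True)).hexdigest())
        elif part.get_content_maintype() == "text":
            found["url"].update(URL_RE.findall(part.get_content()))
    return found

def matches(msg, wanted):
    found = indicators(msg)
    return all(value in found[key] for key, value in wanted.items())

def investigate(mailboxes, filters):
    """Return the users holding a message that satisfies every filter (AND)."""
    wanted = {k: v.lower() if k in ("from", "to") else v for k, v in filters.items()}
    return sorted(u for u, inbox in mailboxes.items() if any(matches(m, wanted) for m in inbox))

def sample(sender, rcpt, relay_ip, body, attachment=None):
    """Build one constructed test message."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Received"] = f"from mail.example.net ([{relay_ip}]) by mx.example.com"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="invoice.bin")
    return msg

PAYLOAD = b"constructed attachment bytes"
LURE = "Pay now: http://pay.example/login"
MAILBOXES = {  # constructed inboxes: two users received the same lure
    "alice": [sample("billing@pay.example", "alice@corp.example", "203.0.113.7", LURE, PAYLOAD)],
    "bob": [sample("billing@pay.example", "bob@corp.example", "203.0.113.7", LURE)],
    "carol": [sample("hr@corp.example", "carol@corp.example", "198.51.100.4", "Lunch menu.")],
}
```

Filtering on the sender or URL finds both recipients of the lure, while filtering on the attachment hash finds only the copy that carried the file.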

After you have detected the suspicious email in other users' inboxes, you can take one of two actions:

  1. You can delete the suspicious email from the users' inboxes with one click.

  2. You can send a warning message stating that this email is malicious.

After sending a warning message that the email is malicious, a message such as the following is delivered to the users.

Figure 1. Manual Incident Investigation page

Figure 2. Filtering the investigation on users' inboxes

Figure 3. Warning message highlighted with a red line