When a user sends a suspicious email using the platform's Add-in, he/she gets a thank you message.

Then the suspicious email is automatically sent to the Incident Response Platform for analysis.

Then the system automatically analyses the suspicious content, and if it is malicious, it automatically starts an incident investigation with default variables, which is to seek malicious content within the inbox of the users, find it and delete it.

See how an auto investigation works in the screenshot below. You can see the details of the number of users who have phishing reporter add-in installed, the number of incidents reported, the number of incidents resolved and the time & money saved.