Creating a Phishing Mailbox

Last Updated: Sep 04, 2019 09:44AM EDT
Organization Administrator
None

Overview

Phishing Mailboxes receive malicious or suspicious emails that are flagged by the Email Security Gateway or emails in .msg or .eml format that have been flagged by a security analyst. When creating a Phishing Mailbox, the Administrator must specify if the mailbox is meant to receive emails directly from network devices or if it is meant to receive email headers in the form of attachments. ThreatConnect® will parse these emails, and when the parsing is complete, if the email meets the minimum email scoring threshold, then ThreatConnect will create an E-mail Group object and Task Group object and link previously existing Indicators to the E-mail Group object if they are found in the header or body.

Creating a Phishing Mailbox

  1. On the top navigation bar (Figure 1), hover the cursor over the Settings icon and select Org Settings from the dropdown menu (Figure 2).
  2. The Organization Settings screen will be displayed with the Membership tab selected (Figure 3).
  3. Click the Email tab, and the Email screen will be displayed (Figure 4).

    NOTE: For Communities and Sources, access the Email screen by going to the Community Config or Source Config screen (see ThreatConnect Community and Source Administration Guide for more information) and clicking on the Email tab. The Community Config or Source Config screen may be accessed by clicking on Posts in the top navigation bar (Figure 1), selecting a Community or Source from the My ThreatConnect card on the left-hand side, clicking on the Community/Source Settings icon at the top left, and then clicking on the Email tab.

  4. Click the Create Phishing Mailbox button, and the Phishing Mailbox Administration window will be displayed with the Mailbox tab selected (Figure 5).

    NOTE: A System Administrator can modify the Target Mailbox name at this step.

    • Associate Recipients as Victims: Select this checkbox to create an association between the E-mail Group and the Victim(s) (i.e, the recipient(s) of the email).
    • Create Victims That Do Not Exist: Select this checkbox to create Victims that do not already exist in the Organization. This checkbox will not be available if the Associate Recipients as Victims checkbox is not selected.
    • Save Sender as a Victim: Select this checkbox to save the sender of the email as a Victim that is associated with the E-mail Group. This checkbox will not be available if the Associate Recipients as Victims checkbox is not selected.
    • Minimum Score Threshold: Manually enter, or use the Plus (+) and Minus (-) icons to enter, the minimum score that an email must meet in order to be processed. See Email Import for more information about email scoring.
    • Parse Type: Select one of the radio buttons to determine whether the body of the email or the attachment should be parsed for Indicators.
      NOTE: If the phishing mailbox is to parse out Victims, the Use Attachment option must be selected.
    • Description: Enter a description for the phishing mailbox.
    • Tags: Enter Tags, separated by commas, for the phishing mailbox.
    • Click the Next button.
  5. The Task Format tab will be displayed (Figure 6).
    • Task Name: Enter a name for the Task that will be created and associated to the E-mail Group. The format strings provided under the Task Description can be used as variables for the corresponding information.
    • Task Description: Enter a description for the Task. The format strings provided under the Task Description can be used as variables for the corresponding information.
    • Click the Next button.
  6. The Task Date tab will be displayed (Figure 7).
    • Days Until Due Date: Manually enter, or use the Plus (+) and Minus (-) icons to enter, the number of days remaining until the Task is due.
    • Ignore Due Date: Select this checkbox to ignore the due date. Doing so will gray out the Days Until Due Date field.
    • Days Until Reminder Date: Manually enter, or use the Plus (+) and Minus (-) icons to enter, the number of days until a reminder is issued about the due date.
    • Ignore Reminder Date: Select this checkbox to ignore the reminder date. Doing so will gray out the Days Until Reminder Date field.
    • Days Until Escalation Date: Manually enter, or use the Plus (+) and Minus (-) icons to enter, the number of days remaining until the date that the Task is escalated.
    • Ignore Escalation Date: Select this checkbox to ignore the escalation date. Doing so will gray out the Days Until Escalation Date field.
    • Click the Next button.
  7. The Task Assign tab will be displayed (Figure 8).
    • Assign To: Use the dropdown menu to select one or more users to which to assign the Task.
    • Escalate To: Use the dropdown menu to select one or more users to which to escalate the Task.
    • Click the Next button.
  8. The Confirm tab will be displayed (Figure 9).
  9. Review the selections, and then click the SAVE button. The phishing mailbox will be displayed on the Email tab of the Organization Settings screen (Figure 10). It may be edited or deleted by clicking on the pencil icon or the trash icon, respectively, in the Options column.
ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20013-08 EN Rev. A

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us



https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete