Expel Managed Phishing means your SOC analysts don't have to investigate suspicious emails. Our SOC analysts investigate each reported email, tell you when they’re real phishes, remove the email from all inboxes (if you configure auto remediations), and close the loop with your employees. You only need to deal with phishing emails if we assign you a remediation action.
To open the Phishing dashboard, click Dashboards, and then click Phishing. If your company hasn't signed up yet for Expel Managed Phishing, you see example data.
This dashboard shows you details about the state of suspicious emails and submitters within your organization. Remember, in the upper left of this dashboard, you can select the time period you want to view. The Phishing dashboard looks like this:
Submissions by outcome over time
The chart visually shows the rate of email submissions over time. You can select and clear the kinds of submissions you want to view on the chart. On the left of this area, you see trends for Unique Malicious Senders and Unique Submitters. The arrows in our example show the unique malicious senders have gone down 3% compared to the previous 30 days, for example.
Total emails to incidents
The chart shows the ratio of various types of submissions. You can see how many emails from total submissions funnel down to incidents. You can select and clear the kinds of submissions you want to view on the chart.
Frequent submitters of
This area shows a list of the people in your organization who submitted the most emails overall and their accuracy at identifying true positives. Select from the list to see top reporters of malicious and benign emails. You see the number of submissions, the accuracy of the submissions, and the email of the submitter. You can download this list if you need it for training, for example. The user ragj, for example, has a low accuracy rate and might benefit from some training.
Malicious attachments
This chart shows you how many and what kinds of attachments are being found. We only include attachment types with the mime type application at this time. In this example, zip files are most prevalent. You might want to block these attachment types.
Actions using your tech during investigations and incidents
This chart shows technologies we're using to perform investigative actions to gather information. You can select and clear the kinds of tech shown.
Frequent domains in
A list of the domains that appear most frequently in your phishing submissions. Select from the list to see specific email types. These may be in links in the body of the email. You can download this list if you need it for training, for example. Consider blocking the malicious domains in your email gateway.
Most reported malicious emails
A list of the subject lines in the submitted phishing submissions. You can see if there are common themes among malicious emails for the time period, so that you can get a sense of what kind of phishing campaigns your users are receiving. You can download this list if you need it for training, for example.
Malicious sender domains
A list of the sender domains in the submitted phishing submissions. You can create rules to block specific recurring malicious domains. You can download this list if you need it for training, for example.