Identifying phishing email campaigns that are occurring in an organization is unique in that many filters applied in email security gateways can be successfully implemented to dramatically reduce the number of phishing emails that users receive. Many of these solutions create phishing alerts which can provide raw email content for analysis.
However, phishing emails can evade these filtering solutions and are delivered successfully. Many organizations utilize a dedicated mailbox that users can report suspected phishing emails to by forwarding the email as an attachment analysis.
Receive and analyze emails with rules in Sublime Security | Library | Tines
Analyze and triage suspicious emails with various tools | Library | Tines
Triage email attachments with Material Security | Story library | Tines
IRP-Phishing · main · Public Incident Response Ressources / Public Playbooks · GitLab