Skip to main content


Viewing an Incident
  1. Go to PhishTitan > Incidents. Incidents reported by a user are listed in the Action Needed tab. In the Resolved tab, you can see incidents flagged by the system, including auto remediation if you've set that up, and the ones you've marked as safe or sent to junk (remediated).

  2. To view additional details of an incident, go to the Actions column and select the view view-icon-small.jpg icon for that incident. The Incident Summary page displays.

Incident Summary

The Incident Summary page shows all available details for an incident listed in PhishTitan > Incidents.


The message header displays details about the incident, and its current status:

  • Status

  • Actions

    When you select one of the following actions for an email or domain, it is applied to all affected users. Select the Affected Users tab to see a list of all users that received the email.

    • Allow Sender: This action adds the sender to the Allow List. The email is delivered to the user's inbox without analysis. See Adding a Sender to the Allow List for additional information.

    • Allow Domain: This action adds the domain to the Allow List, so that any email using that domain is delivered to the user's inbox without analysis. See Adding a Domain to the Allow List for additional information.

    • Mark as Safe: This action adds a green banner to this email marking it as safe. The email is delivered to the user's inbox.

    • Remediate: This action moves this email from a user's inbox to their Junk folder.

Above the header are a series of tabs that can be selected.

  • Details: This tab is automatically open when you land on the Incident Summary page. It includes details of the email, including the date and time received, sender's email address, and the content of the email. If the email was flagged as phishing, the Reasons for Detection and URL Analysis provide further information in the column to the right.

  • Affected Users: The date and subject of the email are listed here, along with the email addresses of the recipient and sender. The name of the customer is also listed.

  • Received Headers: The content of the received header is displayed.