Viewing an Incident
Go to PhishTitan > Incidents. Incidents reported by a user are listed in the Action Needed tab. In the Resolved tab, you can see incidents flagged by the system, including auto remediation if you've set that up, and the ones you've marked as safe or sent to junk (remediated).
To view additional details of an incident, go to the Actions column and select the view
icon for that incident. The Incident Summary page displays.
Incident Summary
The Incident Summary page shows all available details for an incident listed in PhishTitan > Incidents.
![PT-Incident-Summary-Release-Blog.png](image/uuid-94ad98d1-044f-73ea-aaf4-2168d6bace0e.png)
You can navigate the four tabs at the top to find more information about the incident.
![PT-incidents-tabs.jpg](image/uuid-3c32a25d-adf1-a214-5165-941ccb98dd26.jpg)
DETAILS
The Details tab is automatically open when you land on the Incident Summary page. It includes details of the email, including the date and time received, sender's email address, and the content of the email. If the email was flagged as phishing or fraud, the Reasons for Detection and URL Analysis provide further information in the column to the right.
The message header displays details about the incident, including its current status and flag reason:
![PT-Message-Header-Incident-Summary.jpg](image/uuid-f60ce957-5a5f-4bd5-d162-48b6ee0513fe.jpg)
Status
Every incident is assigned a status
Flag Reason
The following table explains reasons why an email can be flagged for further investigation.
Flag Reason
Description
User Reported Phishing
A user reported this email as phishing with the TitanHQ for Outlook add-in.
User Reported Clean
A user reported this email as clean with the TitanHQ for Outlook add-in.
Suspicious Text
PhishTitan detected suspicious text in the body of this email.
Malicious Links
PhishTitan detected malicious links in the body of this email. A malicious URL is a link embedded in an email that was created with the purpose of promoting scams, attacks, and frauds. When selected, malicious URLs can download ransomware, or lead to phishing or spearphishing emails.
Phishing
Spoofed Display Name
Spam
Fraud
Actions
When you select one of the following actions for an email or domain, it is applied to all affected users. Select the Affected Users tab to see a list of all users that received the email.
Remediate: This action moves this email from a user's inbox to their Junk folder.
Mark as Safe: This action adds a green banner to this email marking it as safe. The email is delivered to the user's inbox.
Allow Sender: This action adds the sender to the Allow List. The email is delivered to the user's inbox without analysis. See Adding a Sender to the Allow List for additional information.
Allow Domain: This action adds the domain to the Allow List, so that any email using that domain is delivered to the user's inbox without analysis. See Adding a Domain to the Allow List for additional information.
Banners
THREAT COACH
AFFECTED USERS
The date and subject of the email are listed here, along with the email addresses of the recipient and sender. The name of the customer is also listed.
RECEIVED HEADERS
The content of the received header is displayed.