Viewing an Incident
Go to PhishTitan > Incidents. Incidents reported by a user are listed in the Action Needed tab. In the Resolved tab, you can see incidents flagged by the system, including auto remediation if you've set that up, and the ones you've marked as safe or sent to junk.
To view additional details of an incident, go to the Actions column and select the view
icon for that incident. The Incident Summary page displays.
Incident Summary
The Incident Summary page shows all available details for an incident listed in PhishTitan > Incidents.
The header shows you the current status of this incident and a dropdown menu of available actions:
Status
Status
Description
Available Actions
An email has been flagged by a user as phishing or clean using the TitanHQ for Outlook add-in.
This incident needs Admin attention and review.
Allow Sender
Mark as Safe
Send to Junk
Administrator has reviewed this email and determined it was malicious and selected to move it to a user's Junk folder.
This email has been moved to the Junk folder for all recipients.
Allow Sender
Mark as Safe
PhishTitan has flagged this email as suspicious and applied a warning banner before delivering to a user's Inbox.
Allow Sender
Mark as Safe
Send to Junk
Administrator has reviewed this email and determined it is safe. Once marked as safe, the email is then delivered to all recipients with a banner marking it as safe.
Allow Sender
Send to Junk
Auto remediation has been enabled meaning that this email has automatically been moved to the Junk folder for all recipients.
Allow Sender
Mark as Safe
Actions
When you select one of the following actions for an email or domain, it is applied to all affected users. Select the Affected Users tab to see a list of all users that received the email.
Allow Sender: This action adds the sender to the Allow List. The email is delivered to the user's inbox without analysis. See Adding a Sender to the Allow List for additional information.
Allow Domain: This action adds the domain to the Allow List, so that any email using that domain is delivered to the user's inbox without analysis. See Adding a Domain to the Allow List for additional information.
Mark as Safe: This action adds a green banner to this email marking it as safe. The email is delivered to the user's inbox.
Send to Junk: This action moves this email from a user's inbox to their Junk folder.
Below the header are a series of tabs that can be selected.
Details: This tab is automatically open when you land on the Incident Summary page. It includes details of the email, including the date and time received, sender's email address, and the content of the email. Images included in a reported email are not displayed. Reasons for Detection explain why the email was flagged as phishing.
Also included are the Reasons for Detection to the right of the email.
Affected Users: The date and subject of the email are listed here, along with the email addresses of the recipient and sender. The name of the customer is also listed.
Received Headers: The content of the received header is displayed.
PhishTitan adds a banner to an email based on the following:
Threat reported or detected: A Warning banner is applied if spam, malware, or phishing has been automatically detected by PhishTitan.
If your administrator has flagged the email as phishing, then it also receives a Warning banner.
No threat detected: If an email is considered clean and no threat has been detected, a green banner is applied.
