Automatic scan of suspicious emails for threats

Threat Intelligence lets you automate a common Security Response team job: checking suspicious emails for malware. You set up an email address to which users forward any suspicious email. The forwarded emails are then automatically scanned and replied to, and security incidents are created to follow up on any emails with attached malware or links to known bad websites.

Before you begin

The first step is to provide the email address to which users will be instructed to forward their suspicious emails.

Role required: admin

Procedure

  1. Navigate to System Policy > Email > Inbound Actions.
  2. Locate and open Scan email for threats.
  3. Scroll down to the Conditions section.
    Figure: Conditions section of inbound actions
  4. In the To condition, enter an email alias or portion of the email address to which users can forward emails with suspicious attachments, URLs, or IP addresses for scanning purposes.
  5. Click Update.
    A scan request is created to scan the files attached to the email. If the scan finds malware, a security incident is created. Either way, a reply email with the results of the scan is sent to the requestor.