Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Automatic lookup of suspicious emails for threats

Automatic lookup of suspicious emails for threats

Threat Intelligence allows you to automatically handle the checking of suspicious emails for malware.

Before you begin

Role required: admin

About this task

The first step is to provide the email address that users are instructed to forward their suspicious emails to. By setting up an email address for your users to forward suspicious emails to, the emails are automatically sent to the lookup source, and IP addresses and URLs are parsed and validated. Security incidents can be created to follow up on any emails with attached malware or links to known bad websites. Regardless of the results, a reply email is sent to the requester with the results of the lookup.

Procedure

  1. Navigate to System Policy > Email > Inbound Actions.
  2. Locate and open Scan email for threats.
  3. Scroll down to the Conditions section.
    Conditions section of inbound actions
  4. In the To condition, enter an email alias or portion of the email address to which users can forward emails with suspicious attachments, URLs, or IP addresses for lookup purposes.
  5. Click Update.
    A lookup request is created to lookup the files attached to the email. If the lookup results in the discovery of malware, a security incident can be created. Either way, a reply email is sent to the requester with the results of the lookup.

This site is scheduled for a small content update on Monday, November 12th, between the hours of 4:00pm and 9:00pm Pacific Time (Nov 13 00:00 – 05:00 UTC). Acces to this site may be delayed during that time.