Automatic lookup of suspicious emails for threats

Threat Intelligence can automatically check suspicious emails for malware.

Before you begin

Role required: admin

About this task

The first step is to provide the email address to which users are instructed to forward suspicious emails. Emails sent to that address are automatically submitted to the lookup source, and their IP addresses and URLs are parsed and validated. Security incidents can be created to follow up on any emails with attached malware or links to known bad websites. Regardless of the results, a reply email is sent to the requester with the results of the lookup.

Procedure

  1. Navigate to System Policy > Email > Inbound Actions.
  2. Locate and open Scan email for threats.
  3. Scroll down to the Conditions section.
  4. In the To condition, enter an email alias or portion of the email address to which users can forward emails with suspicious attachments, URLs, or IP addresses for lookup purposes.
  5. Click Update.
    A lookup request is created to look up the files attached to the email. If the lookup discovers malware, a security incident can be created. Either way, a reply email is sent to the requester with the results of the lookup.
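
The processing described above, as an added Python illustration that is not the product's own code: match the To condition, then collect attachments, URLs, and validated IP addresses from a forwarded email for lookup. The alias `phish-lookup@`, the names `SAMPLE` and `extract_observables`, and the use of SHA-256 as the file lookup key are assumptions.

```python
import hashlib
import ipaddress
import re
from email import message_from_bytes, policy
from urllib.parse import urlsplit

# Constructed sample: a user forwards a suspicious message to the lookup alias.
SAMPLE = (
    b"From: user@example.com\r\nTo: Phish Reports <phish-lookup@example.com>\r\n"
    b'Subject: Fwd: Invoice\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"See http://login.example.net/reset?id=1 or 203.0.113.7, not 999.1.1.1.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\naGVsbG8=\r\n--b1--\r\n"
)

URL_RE = re.compile(r"https?://[^\s<>]+", re.I)
IP_RE = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)")


def extract_observables(raw, to_alias):
    """Return lookup candidates for mail addressed to the alias, else None."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Mirrors the To condition: the alias may be only a portion of the address.
    if to_alias.lower() not in str(msg.get("To", "")).lower():
        return None
    urls, ips, files = set(), set(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            data = part.get_payload(decode=True) or b""
            # Assumption: the lookup source is queried by SHA-256 of the file.
            files.append((part.get_filename(), hashlib.sha256(data).hexdigest()))
        elif part.get_content_maintype() == "text":
            text = part.get_content()
            for u in URL_RE.findall(text):
                u = u.rstrip(".,;:)")  # drop trailing sentence punctuation
                if urlsplit(u).hostname:
                    urls.add(u)
            for cand in IP_RE.findall(text):
                try:
                    ips.add(str(ipaddress.ip_address(cand)))
                except ValueError:
                    pass  # dotted-quad lookalikes such as 999.1.1.1 are dropped
    return {"urls": sorted(urls), "ips": sorted(ips), "files": files}
```

Because the To match is a substring test, a short alias fragment also matches unrelated addresses that contain it, so a distinctive alias keeps ordinary mail out of the lookup queue.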