
Create email matching rules for user-reported phishing

You can create rules for determining whether attachments received in potential phishing emails are attacks. Your users can then save the emails as EML files and send them to ServiceNow. If information in the attachments matches the rules you defined, security incidents are automatically created.

Before you begin

Role required: sn_sec_cmn.write

Procedure

  1. Navigate to Security Operations > Email Processing > User Reported Phishing.
  2. Click New.
    [Figure: Email matching rules]
  3. Fill in the fields, as needed.
    Field        Description
    Name         Enter a name for this email matching rule.
    Conditions   Use the condition builder to define the conditions under which an EML attachment will be identified as a potential phishing risk.
  4. Click Submit.