Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Create email matching rules for user-reported phishing

Log in to subscribe to topics and get notified when content changes.

Create email matching rules for user-reported phishing

You can create rules for determining whether attachments received in potential phishing emails are attacks. Then, your users can save the emails as EML files and send them to ServiceNow. If information in the attachments match the rules you defined, security incidents are automatically created.

Before you begin

Role required: sn_sec_cmn.write


  1. Navigate to Security Operations > Email Processing > User Reported Phishing.
  2. Click New.
    Email matching rules
  3. Fill in the fields, as needed.
    Field Description
    Name Enter a name for this email matching rule.
    Conditions Use the condition builder to define the conditions under which an EML attachment will be identified as a potential phishing risk.
  4. Click Submit.