How does it work

CybSafe Inbox Details

Integration Outline

General Integration Guidelines

SOC Simulated Attack Triage Advice

Useful Resources

How does it work

Our report phishing button integration for Microsoft works by simply forwarding our simulation email to CybSafe to be included in your Reporting Stats.

  • It is important to note that only CybSafe's Phishing simulations will be counted and tracked in your reporting. We have unique identifiers in our emails to ensure they are only counted.

  • Any emails that are not our own simulation emails will be automatically deleted and will not be counted in your Reported statistics.

CybSafe Inbox Details

The generic inbound email address is report@reportphish.cybsafe.com. The local-part of the email address is customisable to your organisation, it does not have to be called "report".

Integration Outline

CybSafe recommends a simple email forwarding approach:

General Integration Guidelines

  • CybSafe can be used in conjunction with other phishing simulation tools’ “Report Email” feature.

  • The CybSafe inbound mailbox scans any forwarded emails for CybSafe phishing, and records the users who correctly identify our simulated phishing attempts.

  • The configuration of this feature can be tailored to suit the customer organisation’s needs.

  • The organisation is to use its native “Report Email” feature (mail client dependant), which must have the capability to forward reported emails to a custom email address.

  • If the internal report phishing process relies on individuals forwarding suspect emails to a group inbox, a simple auto-forwarding rule to the CybSafe inbox can be created.

  • For more information on how CybSafe sends phishing, please see: Advanced Simulated Phishing Information.

  • You can review our allow listing instructions here: How to add CybSafe to your Allow list.

SOC Simulated Attack Triage Advice

Use the following information for your SOC team to automate triage of our phishing simulation reports.

In addition to the whitelisting signatures, CybSafe emails always contain HTML with the following signature:

The HTML shown in BOLD will always be present, so email triage can be automated with a body search for “cs-unique-ref”.

Useful Resources

Still have any questions?

If you still have any questions, you can contact the team at support@cybsafe.com and we will be happy to answer any further concerns.

Did this answer your question?