Incidents
The incidents dashboard centralizes the reporting and tracking of reported phishing incidents. It collects data on reported incidents, allowing security teams to analyze patterns, assess threat severity, and respond effectively.
The dashboard provides a streamlined interface for quickly identifying potential threats and taking appropriate actions. Use filters to group your incidents by date, client, campaign, and severity.
You can download or delete incidents straight from the dashboard, as well as forward them to your own reporting contacts.
The Centralized Analysis feature enables both manual and automatic analysis of reported emails. This allows the security team to efficiently assess and categorize threats, enhancing the overall email security posture.
The summary page displays a weighted average of the Mail Server, Domain, and Body Analysis scores, as well as general information about the reported email. You can also view or download the reported message as either a .eml or .msg file from this page.
Reported emails from a LUCY campaign are automatically categorized as simulations; all others can be assigned a status to help keep your incidents organized.
LUCY differentiates between real and simulation emails. Reports on simulation emails are included in campaign statistics, but depending on your plugin settings they do not have to be included in the incidents dashboard.
LUCY identifies simulation emails via headers that it includes with every simulation email it sends. For example:
The incident dashboard can be integrated into your organization's toolkit very easily. To use your own reporting plugin and still receive reports to the incident dashboard, follow these steps:
1. Configure your reporting domain’s MX records to point to LUCY.
2. Set an email address for receiving incident reports in the plugin settings.
3. Enable "Send Reports Over SMTP" and "Use SMTP for receiving incident reports on LUCY".
LUCY will listen on the reporter email's inbox and create incidents out of each email sent to that address.
Enabling "Send Reports Over SMTP" and "Use SMTP for receiving incident reports on LUCY" causes LUCY to intercept all of its own emails to the reporter domain. In other words, recipients on the same domain as the reporter email will no longer receive any emails from LUCY.
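A pre-flight check for the caveat above, as an added example that is not part of LUCY or its documentation: it lists which campaign recipients share the reporter address's domain and would therefore stop receiving LUCY emails. The function names, the sample addresses, and the choice to treat only an exact domain match (not subdomains) as "the same domain" are assumptions.

```python
from email.utils import parseaddr


def domain_of(address: str) -> str:
    """Return the lower-cased domain of an email address, or '' if it has none."""
    _, addr = parseaddr(address)            # strips display names like "Alice <...>"
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return ""
    return domain.lower()                   # domains compare case-insensitively


def intercepted_recipients(reporter: str, recipients: list[str]) -> list[str]:
    """Recipients on the reporter domain, i.e. those LUCY mail would no longer reach.

    Assumption: "same domain" means an exact match, so subdomains of the
    reporter domain are not counted.
    """
    reporter_domain = domain_of(reporter)
    if not reporter_domain:
        raise ValueError(f"reporter address has no domain: {reporter!r}")
    return [r for r in recipients if domain_of(r) == reporter_domain]


# Constructed sample data (not taken from any real deployment).
REPORTER = "phishing@report.example.com"
RECIPIENTS = [
    "Alice <alice@example.com>",            # parent domain: unaffected
    "soc@REPORT.example.com",               # same domain, different case: affected
    "bob@report.example.com",               # same domain: affected
    "carol@mail.report.example.com",        # subdomain: unaffected under the assumption
    "malformed-entry",                      # no domain: ignored
]

if __name__ == "__main__":
    for recipient in intercepted_recipients(REPORTER, RECIPIENTS):
        print("will not receive LUCY emails:", recipient)
```

Running this against the recipient list before enabling the two SMTP options shows which users need a mailbox on a different domain to keep receiving LUCY emails.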