Now, when the setup is done. It is time to start using the tool.
If it is not set up yet, please refer to these articles:
Install Screener in Linux
Setup Tutorial for VMware
Setup Tutorial for Virtualbox
As the first step it is highly recommended to setup Domain and SSL.
However, it is not necessary. MSI plugin is able to work with no SSL over IPv4.
This step is a must to make O365 plugin operational, it can not operate via IP address.
Also, with the domain name configured you can create an MX record for the owned domain name to receive reports over SMTP protocol.
At this stage, if an MX record is configured, the Screener is already able to accept the reports. Simply forward a suspicious email as an attachment to the email@example.com.
Configure additional users if necessary.
Each user has equal permissions, but it is possible to configure different timezones per user.
As soon as installed, a button should appear in the Outlook interface.
Simply select a suspicious email in the list and click the button.
The suspicious email is reported and now should appear in the Screener Incidents section.
Or, it can appear in the "Simulations" sections in case if a LUCY email message was reported.
The screener always listens to port 25, so in case if you are planning to report incidents over SMTP, it is enough to create an MX record of the screener domain.
There is a domain name screener.com pointing to the instance. Simply use firstname.lastname@example.org and the Screener will accept the report.
It is possible to review the incoming incidents.
The system will do an automatic analysis of an incident as soon as it is received.
The automatic scan will happen according to the Analyze rules. It will receive some spam score.
The amount of the spam score is unlimited, however, it'll be cut of to 10 since it is a maximum value for an incident.
Change the workflow status from Open to In Progress.
Define what should be done with the incident.
Should a user send an abuse?
Should a user rescan the incidents?
As soon as the incident is reviewed by a user, it is possible to define the Resolution for the incident.
It can be Dangerous or Dismissed. As soon as the Resolution is defined, the workflow status for the incident will be automatically set to "Closed".