Introduction
All employees participating in the Hoxhunt training can also report real-life phishing and spam emails. You can integrate with many Incident Response solutions such as Abnormal AI, Sublime Security, Proofpoint TRAP, Palo Alto Cortex XSOAR and Mimecast by forwarding spam and phishing reports to those systems via mail-based flow.
Who can use this feature?
Commercial plan: Any
Role: Admin usersCreating an Abuse Mailbox
Below is list of services that provides an Abuse Mailbox to which Hoxhunt can forward phishing and spam reports. The list is not exhaustive. If you are wondering if Hoxhunt is able to integrate with another 3rd party Abuse Mailbox please contact a Hoxhunt representative.
Abnormal AI
Please follow the instructions in the Abnormal AI's knowledge base for how to set up an Abuse Mailbox.
Afterwards select the pre-configured format for Abnormal AI in the Threat Forwarding
settings. See section Presets in article Forwarding reported threats to your organization’s security mailbox.
Sublime Security
Please follow the instructions in this article to set up an Abuse Mailbox in Sublime Security.
Proofpoint TRAP
Please follow the instructions in Proofpoint's Knowledge Base on how to set up the TRAP Mailbox.
Afterwards select the pre-configured format for Proofpoint TRAP in the Threat Forwarding
settings. See section Presets in article Forwarding reported threats to your organization’s security mailbox.
Palo Alto Cortex XSOAR
You can use MailListener to forward reported threats to Cortex XSOAR via mail-based flow.
NOTE: If you are a Hoxhunt Respond customer, please see Palo Alto Networks Cortex XSOAR integration which allows Hoxhunt's enrichments such as classifications and threat indicators to become available to your Cortex XSOAR.
Mimecast
There is no set up of an Abuse Mailbox required. You can forward spam and phishing reports to Mimecast to help them react to high volumes of end-user reports of phishing and spam getting through their filters.
- Spam reports should be forwarded to spam@mimecast.org
- Phishing reports should be forwarded to phishing@mimecast.org
You can read more about how Mimecast process the incoming reports in this article.
Verify the email address
Before you can set up the forwarding, you need to verify the email address you plan to set up for threat report forwarding.
See how the verification is done: Email verification for automated email flows
NOTE: If you are integrating with Mimecast, please ask support@hoxhunt.com to verify the email addresses for you.
Setting up threat report forwarding
Admins can specify to which email addresses spam and phishing reports are forwarded in Hoxhunt Admin Portal under Threat Settings.
- Toggle on the required settings for phishing reports and/or spam reports.
- Specify the email address of the Abuse Mailbox from the previous step phishing / spam emails should be forwarded to from the list of verified email addresses. If the list is empty, verify an email address first.
- Click Save.
The changes will immediately go into effect.