Use Case: Phishing

Phishing is one of the most common and critical threats our customers face. This quickstart guide walks you through the setting up the phishing use case in Radiant Security, ensuring that we're fully set up to begin triaging phishing and business email compromise (BEC) reports.

Prerequisites

Email Data Connector configured and tested end-to-end (e.g., Microsoft 365, Google Workspace). Verify Radiant is ingesting your email logs.

Important Note: The Entra ID IAM data feed is required for the phishing use case to work. It provides the information about which domains a customer has, making it a critical dependency for the step below.

Email Action Connector (optional but recommended): While Radiant can ingest and triage phishing reports without an action connector, configuring one allows you to automate containment, remediation, and other response workflows more effectively. To learn more, visit Response Actions in Cases.

Enable your Domains

Log in to Radiant Security.
In the navigation menu, click Settings > Domains.

Locate the list of domains synchronized from your email provider.
For Status, toggle on each domain you want Radiant to monitor and triage for phishing.

Tip: Only enable domains that send or receive email relevant to your organization’s security posture.

Configure email forwarding

Choose one of the following methods to forward phishing emails and BEC reports into Radiant. Only one configuration is required, select the option that best fits your environment and solutions:

Next steps

Verify ingestion: Send a test phishing email to confirm Radiant ingests and triages it correctly.
Monitor dashboards: Check the Alerts and Cases tabs to see real-time phishing and BEC alerts triaged by Radiant.

PreviousQuickstart NextUser Management

Last updated 1 day ago

Was this helpful?

Good afternoon

hashtagPrerequisites

hashtagEnable your Domains

hashtagConfigure email forwarding

hashtagNext steps

Prerequisites

Enable your Domains

Configure email forwarding

Next steps