# Phishing Configuration

Phishing is one of the most common and critical threats our customers face. This quickstart guide walks you through the setting up the phishing use case in Radiant Security, ensuring that we're fully set up to begin triaging phishing and business email compromise (BEC) reports.

### Prerequisites

* [ ] **Email Data Connector** configured and tested end-to-end (e.g., Microsoft 365, Google Workspace). Verify Radiant is ingesting your email logs.

{% hint style="warning" %}
**Important Note:** The Entra ID IAM data feed is **required** for the phishing use case to work. It provides the information about which domains a customer has, making it a critical dependency for the [step below](#enable-your-domains).
{% endhint %}

* [ ] **Email Action Connector** (*optional but recommended*): While Radiant can ingest and triage phishing reports without an action connector, configuring one allows you to automate containment, remediation, and other response workflows more effectively. To learn more, visit [Response Actions in Cases](https://help.radiantsecurity.ai/radiant-cases/radiant-cases/response-actions-in-cases). 

### Enable your Domains

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. In the navigation menu, click **Settings > Domains**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FhhOdyMFjfk1W7649OSDR%2FSettings_Domains.png?alt=media&#x26;token=ee5790ee-7104-4508-8f9b-509871d0e850" alt=""><figcaption></figcaption></figure></div>

3. Locate the list of domains synchronized from your email provider.
4. For **Status**, toggle on each domain you want Radiant to monitor and triage for phishing.

{% hint style="success" %}
**Tip:** Only enable domains that send or receive email relevant to your organization’s security posture.
{% endhint %}

<figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FK7chLSjDuRN8PYP6J9jc%2FMonitor_Domain.png?alt=media&#x26;token=87eb94bd-5ef9-4d53-870b-ece15f5177d6" alt=""><figcaption></figcaption></figure>

### Configure email forwarding

Choose one of the following methods to forward phishing emails and BEC reports into Radiant. Only one configuration is required, select the option that best fits your environment and solutions:

1. [Direct Office 365 Forwarding](https://help.radiantsecurity.ai/radiant-connectors/set-up-email-forwarding/set-up-o365-to-forward-phishing-emails-to-radiant-security)
2. [KnowBe4 on Office 365](https://help.radiantsecurity.ai/radiant-connectors/set-up-email-forwarding/set-up-knowbe4-on-o365-to-forward-phishing-emails-to-radiant-security)
3. [KnowBe4 on Chrome](https://help.radiantsecurity.ai/radiant-connectors/set-up-email-forwarding/set-up-knowbe4-on-chrome-to-forward-phishing-emails-to-radiant-security)
4. [Proofpoint PhishAlarm](https://help.radiantsecurity.ai/radiant-connectors/set-up-email-forwarding/set-up-proofpoint-phishalarm-to-forward-phishing-emails-to-radiant-security)

### Next steps

1. **Verify ingestion**: Send a test phishing email to confirm Radiant ingests and triages it correctly.
2. **Monitor dashboards**: Check the Alerts and [Cases](https://help.radiantsecurity.ai/radiant-cases/radiant-cases) tabs to see real-time phishing and BEC alerts triaged by Radiant.