Ctrlk
ProductBook a demoOpen app
linkedinyoutube

Forward phishing emails from Proofpoint PhishAlarm

Configure the Proofpoint PhishAlarm button to forward user-reported phishing emails to Radiant Security.

In this article, you configure the Proofpoint PhishAlarm button to automatically forward user-reported emails to a Radiant Security mailbox. To analyze these emails, Radiant requires copies of the originals, which are obtained by forwarding them from your environment to a designated Radiant address. PhishAlarm lets you choose which address receives these messages, such as a SOC mailbox or Radiant, for each email category, including simulated phish, potential phish, safelisted messages, and training emails.

Prerequisites

Enable auto-forwarding to Radiant Security

In this phase, you configure PhishAlarm to forward potential phishing reports to Radiant Security and ensure the original message attachments are included.

  1. Sign in to the Proofpoint Security Education Platform.

  2. From the left side menu, go to PhishAlarm > Settings.

  3. In the Reported Email Handling section, under Potential phishing email handling, toggle on the Forward to the following email addresses setting and add the Radiant Security mailbox address: [email protected]

  4. Scroll down to the File Delivery Settings section.

  5. Select Forward the included attachments in the reported email.

  1. Click Save Changes.

Verify the integration

After you save your changes, confirm reports are reaching Radiant.

  1. From any mailbox in your organization, send a test message to yourself.

  2. Use the PhishAlarm button to report the test message as phishing.

  3. Sign in to Radiant Security and check the Alerts and Cases tabs for the triaged report.

If the report does not appear, confirm the following:

  • The forwarding address in Forward to the following email addresses is exactly [email protected].

  • Forward the included attachments in the reported email is enabled in the File Delivery Settings section.

  • The reporter's domain is enabled in Radiant's Monitored Domains tab.

PreviousForward phishing emails from Microsoft 365NextThreat Intelligence Hub

Last updated

Was this helpful?