The portal can start a new cluster if a message is received that doesn't meet the threshold for inclusion in an existing cluster. Once formed into clusters, the reported messages can be operated on as a group. The interface can provide any arbitrary functionality on the groups. As a non-limiting example, the cluster of messages can be categorized with a simplified user interface action. For example, the cluster of reported messages may be categorized as non-malicious, spam, advanced threat, or crimeware (botnets), or by aggregated or averaged reputational scores.
Clusters of messages can be assigned to a category, such as spam, and then re-categorized into a different category. Recategorization can be performed manually, by a user selecting a cluster of messages and assigning the cluster to a different category. In some embodiments, the application of new or updated rules can cause individual messages or clusters of messages to be automatically recategorized. The responsive action can include re-attaching the original attachment for non-malicious messages. Responsive actions can also include sending a message to all users who have reported messages in that cluster. Some embodiments of the system can include an interface for forwarding a cluster of messages for further processing by one of the integrations, as described below.
Based on the category applied to a cluster of messages, user reputation scores can be updated. For example, if multiple messages are reported as a suspected phishing attack, based on common parameters of those messages, those messages may be clustered. If the messages in the cluster are subsequently determined to be non-malicious, the system can automatically update the reputational scores of the users who have reported the messages as suspicious.
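
The following added example (not code from the original document) shows the threshold-based cluster assignment and the category-driven reputation update described above, including recategorization of a cluster. The Jaccard similarity metric, the 0.5 threshold, the per-category score deltas, reversing the old delta on recategorization, and all names are assumptions.

```python
from dataclasses import dataclass, field

THRESHOLD = 0.5  # assumed: minimum similarity to join an existing cluster
# Assumed reputation change per reporter for each category named in the text.
SCORE_DELTA = {"non-malicious": -1, "spam": 1, "crimeware": 2, "advanced threat": 3}

@dataclass
class Cluster:
    messages: list = field(default_factory=list)
    category: str = ""  # empty until an analyst or rule assigns one

def similarity(a, b):
    """Jaccard overlap of two reports' parameter sets (assumed metric)."""
    union = a["params"] | b["params"]
    return len(a["params"] & b["params"]) / len(union) if union else 0.0

class Portal:
    def __init__(self):
        self.clusters, self.reputation = [], {}

    def report(self, msg):
        """Add msg to the best-matching cluster, or start a new one."""
        best, best_sim = None, 0.0
        for c in self.clusters:
            s = max(similarity(msg, m) for m in c.messages)
            if s > best_sim:
                best, best_sim = c, s
        if best is None or best_sim < THRESHOLD:  # below threshold: new cluster
            best = Cluster()
            self.clusters.append(best)
        best.messages.append(msg)
        return best

    def categorize(self, cluster, category):
        """Apply a category to the whole cluster and rescore its reporters."""
        undo = SCORE_DELTA.get(cluster.category, 0)  # reverse the old category
        for user in {m["reporter"] for m in cluster.messages}:
            self.reputation[user] = self.reputation.get(user, 0) - undo + SCORE_DELTA[category]
        cluster.category = category

def demo():
    """Constructed sample reports: two similar invoices, one newsletter."""
    p = Portal()
    inv = {"subj:invoice", "url:pay.example", "from:billing.example"}
    a = p.report({"reporter": "alice", "params": inv})
    b = p.report({"reporter": "bob", "params": (inv - {"from:billing.example"}) | {"from:other.example"}})
    c = p.report({"reporter": "carol", "params": {"subj:newsletter", "url:news.example"}})
    p.categorize(a, "spam")           # first triage decision
    p.categorize(a, "non-malicious")  # later recategorized
    return p, a, b, c
```

Each reporter is rescored once per cluster even if they reported several of its messages, so duplicate reports do not multiply the reputation change.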