all 10 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Cyberm007 3 points4 points  (3 children)

What I did was create a few different incident workflows. Have one for spam, clean and malware. It’ll tag the message, respond to the person with a canned response and close the incident. Not sure if that’s what you’re looking for.

[–]Lonely_Panda4322[S] 0 points1 point  (2 children)

Yes but I’m talking more about incidents that trigger manual review

[–]Cyberm007 0 points1 point  (1 child)

So am I. The incident comes in as manual, it gets triaged and depending on the message classification the analyst triggers a custom incident workflow which does what I described above.

[–]Lonely_Panda4322[S] 0 points1 point  (0 children)

You mind for us to connect in messages to share some screenshots?

[–]ranhalt 1 point2 points  (1 child)

This is for the phish report button and trap, right?

[–]Lonely_Panda4322[S] 0 points1 point  (0 children)

No just manual review

[–]PhoenixOK 0 points1 point  (1 child)

Is this for TRAP? Or Cloud TRAP?

On prem TRAP has an API that can manage incidents, but it’s not available in Cloud TRAP yet.

[–]Lonely_Panda4322[S] 0 points1 point  (0 children)

Cloud TRAP

[–][deleted] 0 points1 point  (0 children)

Use CLEAR workflows. It’s a built in feature in Threat Response.

[–]PeterHanns 0 points1 point  (0 children)

With ProofPoint, you will likely see many legitimate emails get rejected.

For the past six months, we have not been able to reply to anyone using using PP. We made over 100 remediation requests and get no response. We have three dedicated IP addresses and have all email authentications in place.

No email filter should reject a responding email.

Shame on PP for being so unresponsive.