Triage Phishing Submissions
TruSTAR offers two API commands to triage events that the user has submitted into their Phishing Enclave.
Get Phishing Submissions
Set Triage Status
Description: Sets the status of a phishing email submission. By default, every submission is set to UNRESOLVED. The user can choose to change an email submission to CONFIRMED or IGNORED, based on the Priority Event Score returned by the Submissions command.
The integration must include a configuration page where the user can define the following:
- Activate the Phishing Triage functionality, This should include a way to specify Phishing Enclave IDs (both submission and vetted enclaves). TruSTAR recommends naming the fields Activate Phishing Triage and Phishing Triage Enclave IDs.
- For the Submissions command: provide a set of filtering criteria the user can select from.
- For the Status command: provide a way for the user specify a Submission ID and a status value.