Triage Phishing Submissions

Updated 3 months ago by Sachit Soni

TruSTAR offers two API commands to triage events that the user has submitted into their Phishing Enclave.

The user must have the Phishing Triage feature activated in TruSTAR for these commands to be executed.

Get Phishing Submissions

POST /1.3/triage/submissions

Description: Returns a list of all phishing email submissions that fit the given criteria. TruSTAR recommends offering all available filtering criteria, including Priority Event Score and Status

Set Triage Status

POST /1.3/triage/submissions/{submissionId}/status

Description: Sets the status of a phishing email submission. By default, every submission is set to UNRESOLVED. The user can choose to change an email submission to CONFIRMED or IGNORED, based on the Priority Event Score returned by the Submissions command.


The integration must include a configuration page where the user can define the following:

  • Activate the Phishing Triage functionality, This should include a way to specify Phishing Enclave IDs (both submission and vetted enclaves). TruSTAR recommends naming the fields Activate Phishing Triage and Phishing Triage Enclave IDs.
  • For the Submissions command: provide a set of filtering criteria the user can select from.
  • For the Status command: provide a way for the user specify a Submission ID and a status value.

How Did We Do?