InsightPhishing is Rapid7's phishing identification, analysis, and simulation solution. InsightPhishing enables your organization to report suspected phishing attacks and lets your security team simulate internal phishing campaigns to improve resiliency. The goal is to help your organization learn to identify the key indicators of a phishing attack so that instead of interacting with phishing messages, your users report them. Streamlined reporting and analysis tools enable you to quickly identify and respond to reported campaigns that are underway.
To help achieve these goals, InsightPhishing serves two key use cases:
- Review - Review lets your organization easily report suspicious looking emails to your security team so they can investigate and determine if the email poses a legitimate threat. It eliminates noise so you can focus on responding to real phishing threats and reduces the amount of effort and time it takes to investigate, analyze, and respond to reports of phishing attempts.
- Simulate - Simulate generates authentic looking phishing attacks, which enables you to evaluate and improve your organization's ability to detect and handle malicious emails. You can track your organization's performance over time to determine the effectiveness of your security training programs and learn how you can implement additional educational measures to improve awareness.
The first thing you need to do is create an InsightPhishing account. Go here to sign up. After you sign up, you'll receive an email that will let you create a password for your account.
Already have an account? Great! Let's log in to InsightPhishing.
Now that you've logged in to InsightPhishing, you're ready to set up and customize your experience.
Here's what you'll need to do next:
- Set up your Review Queue to start receiving reported phishing emails
- Verify your domain so you can simulate phishing campaigns
- Whitelabel your domain so you can send emails for your phishing campaigns
- If you're not receiving emails from InsightPhishing, make sure that you have whitelisted the InsightPhishing IP addresses.
- Sync with Azure Active Directory so you can automatically build campaign target lists
After you've completed these steps, you'll be ready to start simulating campaigns and reviewing any potentially real reported threats.
|Create an Account|