Greetings SaaS community,
This week we started with gradual upgrade of CloudGuard SaaS with new features and bug fixes.
You can read about new features here "sk144616 CloudGuard SaaS - What's New"
One of the newly introduced cool features is phishing blacklist for unwanted/spam emails, which can be easily built based on template of any given received email.
Assume you configured "Inline protection" for phishing emails but there is still unwanted email came thru or email didn't have enough parameters to be incriminated and quarantined as phishing one.
You see CloudGuard SaaS scans the "..Don't Miss Flash Savings" email but it seems Benign and delivered to your inbox:
Clicking the "Mark email as phishing" you'll see new menu be opened with email parameters and the list (currently single one) of matched emails:
Reducing email parameters and leaving just the 'Sender Email' with 'Sender IP' will re-scan all existing Benign events for reduced parameters match.
Voilà ! now you see about 200 matches for same promotion emails:
Clicking on 'Create blacklist rule' we'll create blacklist for feature emails by these 'Email Sender' and 'Sender IP' to be identified and quarantined as phishing. Moreover the already found 200 emails will be re-processed (and quarantined) as phishing according to existing Anti-Phishing configuration.