Greater Integration Between Incident Response Teams Now Possible with PhishMe Triage

Customers benefit from new APIs, multi-factor authentication, audit logs and status alerts

LEESBURG, VA. – December 22, 2017 – PhishMe®, the leading provider of human phishing defense solutions, today announced updates to PhishMe Triage™, its phishing incident response platform. These new capabilities enable security operations centers (SOCs) and incident responders (IRs) to automate the prioritization, analysis and response to phishing threats with greater ease.

The addition of fully documented REST APIs are one of the most central updates to PhishMe Triage. Information on emails, clusters, attachments, reporters, integrations and health stats can be easily pulled and visualized, providing tighter integration across response teams. For instance, the new API capability can be used to query PhishMe Triage at set intervals to notify a response team as soon as a phishing threat is identified. Other use cases include the ability to send information over to the second line team for quick remediation, track phishing defense progress and create custom dashboards to show historical data.

Additional updates provide PhishMe Triage customers with:

  • Additional security. Two-factor authentication provides an extra layer of security that works with Google Authenticator, Microsoft Authenticator, Duo and others
  • More accountability. Audit logs are generated to keep track of any activity within PhishMe Triage. With the audit log, visibility about who did something in PhishMe Triage, what they did and when they did it is captured. The audit log tracks over 145 Event ID’s across PhishMe Triage. Lastly, information provided in the audit can be viewed within the application, or exported.
  • Greater visibility. PhishMe Triage has also expanded support for syslog alerts. These can be created for clustering, performance, ingestion health and triage recipe monitoring, as well as operational performance. These alerts can be shared across the incident response team to distribute valuable threat information faster.

“Given the ever-changing nature of security threats, our product development team is constantly looking for ways to save our customers time and increase efficiency,” said Aaron Higbee, co-founder and CTO of PhishMe. “The latest enhancements to PhishMe Triage makes it easier for IR and SOC teams to act upon the collective work of their employees – ensuring that the collaboration between all departments plays a meaningful part in stopping phishing attacks before a breach occurs.”

PhishMe Triage integrates with existing security solutions including SIEM, anti-malware, analysis and threat Intelligence solutions and shares indicators of compromise and phishing with upstream security teams to block future attacks. For more information about PhishMe Triage, please visit:

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.

New Enhancements Help Streamline Incident Response with PhishMe Triage
Zeus Panda Prominent in Italian-Language Phishing Throughout 2017

Leave a Reply