Hi,
We are getting alerts for phishing mails. Is there any way to automate sender domain blocking in Google SecOps?
Depends on your email server. For this example I looked at the Exchange integration that covers Exchange and Office365.
Action - Add Domains to Exchange-Siemplify Inbox Rules
This has a string input "domains" which accepts comma separated domains in a list. For this:
- parse the EML to the Case Wall
- run one of the Actions to parse the EML file
- From the output identify the sender (or domains listed in the email)
- Extract the domain from the Email address (using string functions, template engine, or other ways)
- use this output as the input
Block Sender by Message ID
This will block the specific address, it requires fewer steps to implement but might be worth trying as well.
All of this should be doable using the prebuilt drag drop options 🙂
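The domain-extraction step from the list above, as an added example that is not part of the original reply and not code from the Exchange integration: it parses an EML, collects the sender-side addresses, and builds the comma-separated string that the "domains" input expects. It uses only the Python standard library; the sample message, the `NEVER_BLOCK` set and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message (not taken from the thread).
SAMPLE_EML = """\
From: "IT Support" <helpdesk@Login-Example.TEST>
Reply-To: collector@mailbox-example.test, someone@gmail.com
Return-Path: <bounce@login-example.test>
To: user@corp.example
Subject: Password expires today
Message-ID: <constructed-1@login-example.test>

Please verify your account.
"""

# Assumption: domains that must never be blocked (your own, shared providers).
NEVER_BLOCK = {"corp.example", "gmail.com", "outlook.com"}
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")


def sender_domains(eml_text, never_block=NEVER_BLOCK):
    """Return sorted, de-duplicated sender domains that are safe to block."""
    msg = message_from_string(eml_text)
    found = set()
    for header in SENDER_HEADERS:
        # getaddresses handles display names, angle brackets and address lists
        for _name, addr in getaddresses(msg.get_all(header, [])):
            local, sep, domain = addr.rpartition("@")
            domain = domain.strip().rstrip(".").lower()
            if not sep or not local or "." not in domain:
                continue  # empty or malformed address, e.g. "<>"
            try:
                domain = domain.encode("idna").decode("ascii")
            except UnicodeError:
                continue  # not a valid hostname, skip rather than block
            if domain not in never_block:
                found.add(domain)
    return sorted(found)


def domains_parameter(eml_text):
    """Comma-separated string in the shape the "domains" input expects."""
    return ",".join(sender_domains(eml_text))


if __name__ == "__main__":
    print(domains_parameter(SAMPLE_EML))
```

The never-block check matters because phishing is often sent from shared mail providers, and blocking such a domain would also drop legitimate mail.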
Hi @SoarAndy
Thanks for your response!
We are using Google Workspace, and phishing alerts are triggered both from the Google Alert Center and the Google Workspace activity logs.
Is there any option that would cover both sources?
Additionally, what we specifically need is an automated way to block the reported domains.