Organization settings guide

This guide describes the settings you can configure for an organization.

Organization settings

Graphus provides settings that you can apply to a specific organization. These settings can be enabled, disabled, or edited any time while the organization is active.

The settings are accessed by selecting an organization and expanding Settings in the navigation pane.

Keep in mind that the settings you configured and saved as the default on the MSP Administration page have already been applied to your organizations.

General Settings

The General Settings page includes tabs for accessing common settings.

When an organization is operating Graphus in Monitoring mode, a banner is displayed at the top of the General Settings page indicating that EmployeeShield and Quarantine are disabled.

For more information about Graphus operating modes, see the article Adding and activating an organization.

Investigation

The Investigation tab is where you enable the tools that will be available in the Investigate modal.

The Investigate modal is used when analyzing quarantine, EmployeeShield, and Phish911 alerts.

NOTE  For more information about the Investigate modal tools, see the article Analyzing alerts.

Reporting

On the Reporting tab, you can enable monthly and daily phishing defense reports to be sent automatically to specified recipients.

For monthly reports, Graphus will email a monthly phishing defense report on the 1st of every month to the recipients you specify in the Recipient Email Addresses field.

When enabling daily reports, Graphus will email daily phishing defense metrics from the previous day to the recipients you specify.

In addition, you can customize these reports by adding your company logo and selecting a color for the header and footer. The modifications you make apply to your downloadable reports as well, which are available from the Dashboard and Reports page.

For more information, see the article Activating and branding phishing defense reports.

Notifications/SIEM

When the first toggle is enabled, Graphus will send an email notification to specified recipients when an alert is generated for a category you selected. For example, if Quarantine is enabled, an email notification will be sent to the specified recipients whenever an email is quarantined.

For the other categories, an email will be sent when a banner is applied to an email (EmployeeShield enabled) or when a user reports an email via Phish911 (Phish911 enabled).

When the second toggle is enabled, Graphus will publish an event to the configured SIEM or ticketing system when it generates an alert for the categories you enabled.

For more information, see the article Configuring email notifications and ticketing events for Graphus Alerts.

Internal Impersonation Protection

Graphus will utilize email authentication parameters such as SPF, DKIM and DMARC to block emails sent to your organization that are impersonating the internal domain.

Make sure your email authentication is set up properly before activating this feature. Internal emails with incorrect authentication parameters appear suspicious to Graphus AI. They might cause the AI to quarantine legit emails from internal senders falsely or to mark them as suspicious with a banner.

For more information about this feature and setting up your email authentication correctly, refer to the following:

• Internal Impersonation Protection
• Microsoft 365 SPF, DKIM, DMARC Guide
• Google Workspace SPF, DKIM, DMARC Guide

Group Protection

Graphus will only protect the users within the group identified by the address you enter in the Group Email Address field. The group must already exist in M365 or Google. If you are using Phish911, you must add the email address of the dedicated Phish911 inbox to the protected group. Otherwise, Phish911 will not work.

For information, see the Group Protection Guide.

Quarantine

Select the folder for which quarantined emails will be moved.

IMPORTANT  The Quarantine setting is disabled when Graphus is in Monitoring mode.

EmployeeShield

For emails that Graphus determines are not malicious but may be suspicious, a warning banner is placed at the top of the email. The banner allows the recipient to report the email as a phishing attempt or to report it as a safe email.

The EmployeeShield Banner feature can be enabled at the organization level when it's not enabled globally. When enabled globally, organization level settings have priority over global settings.

Additional EmployeeShield Banner settings, such as enabling the banner for specific users, are available at the organization level.

IMPORTANT  The Graphus Feedback app must be configured for each organization for which you enable the EmployeeShield banner. Configuration will prevent the recipient from being prompted for admin consent when providing feedback via the EmployeeShield banner.

For information, see the article Setting up the EmployeeShield® banner.

Also, you can enable personal mail filtering at the organization level only. This will allow a recipient to mark an email as junk via a link in the banner. Future emails from a marked junk sender will be blocked for this particular recipient only.

IMPORTANT  The EmployeeShield setting is disabled when Graphus is in Monitoring mode.

For information, see the article Setting up the Personal Spam Filter for graymail filtering.

Executive Spoofing

Graphus will immediately quarantine any emails that appear to be impersonating the names of executives you enter in the Executive Names field. It is recommended you enter an executive’s full name to prevent unwanted quarantines. Do not enter email addresses.

See the article, Executive Spoofing feature guide.

Phish911

This setting allows email recipients to report suspicious emails that look like phishing attempts but were not quarantined or did not include a banner. The Phish911 Configuration allows you to configure the method by which recipients can report these emails.

It is important that you create a dedicated inbox in your email domain that is only used for this feature. Every email sent to this inbox will trigger the Graphus Phish911 process.

The configuration methods (types) available are:

• Graphus: Recipient forwards suspicious emails to the dedicated Phish911 inbox.
• Phishing Awareness Training: Recipient clicks the Phish Alert Report button (plugin from your phishing training solution) in the email.
• Microsoft 365 Report Phishing: Recipient clicks the Microsoft Outlook Report Message button in the email.

When a recipient reports an email via Phish911, Graphus will immediately quarantine the email for all recipients of this email. Graphus will also send an acknowledgement email to the reporter and create an alert within Graphus. Then, an admin can analyze the reported email and decide if it should remain quarantined or be released.

For more information, see the guide Setting up Phish911 to report phishing.

Mail Filter

The Personal Filter enables mail filtering to each email recipient. This allows a recipient to mark an email as junk via a link in the banner.

With the Organization Filter, you can upload a list of junk email senders who will be blocked for the whole organization.

IMPORTANT  The Personal Filter setting is disabled when Graphus is in Monitoring mode.

For information, see the article Setting up the Personal Spam Filter for graymail filtering.

Whitelisting

Graphus will skip processing any inbound email with attributes that match the whitelisted parameters. No quarantine or EmployeeShield functionalities in Graphus will be applied to such emails. The following whitelisting options are available:

• Sender Domain: Allows you to whitelist specific external domains. Incoming emails from any address within the whitelisted domain will bypass scanning. Works only for authenticated domains, meaning a domain must pass the SPF or DMARC protocols.
• SMTP Mail Domain: Whitelist a sender's domain based on the SMTP MAIL FROM command. This is typically the domain specified in the "MAIL FROM" section of the SMTP envelope.
• IP Address: You specify IP addresses from which you trust to receive incoming emails.
• SMTP Mail From & Sender Domain: Combines the SMTP MAIL FROM command and SPF check result with the sender's domain.
  

For more information, see the Organization whitelisting feature guide

How to...