Phishing Investigation - Statistics
Workflow #0010B
This workflow sends an email summary of Phishing Investigation workflow activity.
Change Log
Date | Notes |
---|---|
Jan 21, 2021 | - Initial release |
Feb 4, 2021 | - Updated the runtime calculation Python script to fix some possible failures |
Aug 31, 2022 | - Minor updates to naming and descriptions |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- None
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
Workflow Steps
This email is designed to be triggered by a schedule.
- Calculate and format the dates needed to generate the report
- Fetch rows from the global statistics table for this reporting period
- Loop through the table records and calculate each row’s workflow run time
- Process the data into an email and send the message
- Clean up the global statistics table (purge old records)
Configuration
- Set the
Report Recipients
local variable to the email addresses you want the report sent to - Set the
Report Time Span (Days)
local variable to how many days of data you want included in the report. We recommend using a relatively short time span such as 1 day - Set the
Retention Period (Days)
local variable to how many days of data you want kept in the global statistics table. If you don’t want to keep historical data, you can set this to 1 day longer than yourReport Time Span (Days)
. We recommend keeping the table as clean as possible, so try not to keep too much data - By default, the workflow is configured to run once a day at midnight UTC. If you want to change this schedule, you can modify the 0010B - Phishing Investigation Statistics schedule
- To use a different SMTP Endpoint target, update the workflow’s target group condition with the name of the target you want to use (default: Email Endpoint)
Targets
Target Group: Default TargetGroup
By default, the Default TargetGroup
may not include SMTP Endpoint
targets. If this is the case, you will need to update the target group and add SMTP Endpoint
to the target types included. More information about target groups can be found here.
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Phishing Investigation Outgoing | SMTP Endpoint | Configured for your SMTP server | Phishing Investigation Mailbox Credentials |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
Phishing Investigation Mailbox Credentials | Email Credentials | Username: Mailbox Username Password: Mailbox Password |