Auto-Response Action Settings
This
| Setting | Description |
|---|---|
|
Name |
The name of the auto-response action. This is what appears in the list of actions. You can enter free-form text here. A useful name is one that summarizes what the auto-response is for and what it contains.
|
|
Status |
A toggle that enables or disables an auto-response action. Default is enabled. When disabled, the auto-response is not sent even when matching a trigger.
NOTE: Because you can define more than one template for an event, it's possible that phish reporters or others could receive multiple messages per event. Be careful how many templates you design and enable for each event and who gets those messages.
|
|
Event |
Selecting an event from the menu defines which event will trigger sending the auto-response message:
|
|
Conditions |
These are conditions that must be met for an auto-response to be sent. Note that condition options don't appear for every event type.
|
|
From |
This is what will appear in the From field in emails. It is populated by default, to customize it select the View MS Graph Permissions link at the right.
|
|
To |
The email address that messages are sent to. You can enter addresses manually or use variables such as {{PHISH_REPORTER}}. See the Variables section below for details about variables that you can use.
|
|
Subject |
The content of the subject line for messages, which can contain any variable. See the Variables section below for details about variables that you can use.
|
|
Content |
The body of the message which can contain any variable. See the Variables section below for details about variables that you can use.
|
Auto-Response Action Variables
In Auto-Response Actions, you can use variables in the To, Subject, and Content fields, and when messages are sent these variables are replaced with their values.
Variables must be formatted using two opening braces, the variable name in all caps, and two closing braces, for example: {{VARIABLE_NAME}}.
The following table lists all the variables you can use.
| Variable Name | Value Description |
|---|---|
| {{CURRENT_DATETIME}} | The UTC date and time that the message is sent. |
| {{CURRENT_DATE}} | The UTC date that the message is sent. |
| {{CURRENT_TIME}} | The UTC time that the message is sent. |
| {{INVESTIGATION_ASSIGNEE}} | The name of the Phishing Response user who is assigned the investigation at the time the auto-response is sent. |
| {{INVESTIGATION_ID}} | The unique identifier of the Phishing Response investigation that the phish report creates or is added to. |
| {{INVESTIGATION_CLASSIFICATION}} | The classification of the Phishing Response investigation at the time the auto-response is sent. See Investigations for more information about investigation classifications. |
| {{LINK TO INVESTIGATION}} | A link to the investigation details based on the investigation ID. |
| {{INVESTIGATION_PRIORITY}} | The priority of the Phishing Response investigation at the time the auto-response is sent. See Investigations for more information about investigation priorities. |
| {{INVESTIGATION_STATE}} | The state of the Phishing Response investigation at the time the auto-response is sent. See Investigations for more information about investigation states. |
| {{ORGANIZATION_NAME}} | The name of your organization as listed in your Phishing Response organization settings. See Phishing Response Settings for details. |
| {{PHISH_RECEIVED_AT}} | The date and time (in UTC) that Phishing Response received the phish report. |
| {{PHISH_REPORTERS}} | The names of who reported the phish, if multiple reporters. |
| {{PHISH_REPORTER}} | The name of the person who reported the phish. |
| {{PHISH_SUBJECT}} | The subject line of the message reported as a phish. |