HacWare Feature Requests

This feature enhancement enables the Phishing Reporter tool to perform an initial scan of an email before reporting it. It identifies potential phishing indicators, provides an assessment of whether the email is likely phishing or legitimate, and allows users to report it to their security team for further evaluation if necessary. --- Feature Objectives: Improve the end-user experience by providing immediate feedback on suspected phishing emails. Reduce the number of false-positive reports sent to the security team by helping users make informed decisions. Enhance security operations by attaching detailed insights to reported emails for faster evaluation by the security team. --- Key Components: Email Pre-Scan: - The tool scans the email for common phishing indicators, such as: - Suspicious sender information (e.g., spoofed domains or email addresses). - Malicious links or attachments. - Unusual language, urgency, or requests for sensitive information. - Lack of proper security headers (e.g., SPF, DKIM, DMARC failures). Insights and Determination: - The tool provides a summarized insight report to the user with the following: - A determination of the likelihood the email is phishing or legitimate (e.g., "Phishing Suspected" , "Legitimate Email" , or "Further Analysis Required" ). - A breakdown of what was flagged in the email (e.g., "The sender's email domain does not match the organization’s legitimate domain"). - Educational tips explaining why certain elements might be risky to increase user awareness. User Action Options: - After reviewing the insights, users can: - Report Email: Send it to the security team for further analysis. - Mark as Safe: Dismiss the alert and mark the email as legitimate. Security Team Workflow: - When a report is submitted, the tool attaches the scanned insights to the ticket or alert sent to the security team. - Include metadata, such as sender IP, headers, and flagged indicators, for quick triage. --- Benefits: For End Users: - Reduces confusion by offering immediate clarity on suspicious emails. - Encourages better decision-making and minimizes unnecessary reports. For Security Teams: - Streamlines the review process by providing actionable data upfront. - Reduces the workload caused by false positives. For the Organization: - Improves overall email security awareness and reduces the likelihood of successful phishing attacks. --- Implementation Notes: Technical Requirements: - Integration with existing Phishing Reporter tool. - Use of email threat intelligence APIs or libraries for scanning and analysis. - Machine learning model for determining email legitimacy (optional for advanced insights). User Experience Design: - Clear, non-technical language for insights to ensure accessibility for non-technical users. - A simple interface for reviewing insights and taking actions (e.g., report or mark safe). Compliance Considerations: - Ensure scanned email data is handled securely and in compliance with privacy regulations. --- Potential Challenges: Balancing the accuracy of phishing detection with user expectations to avoid both false positives and negatives. Maintaining a lightweight and responsive user experience to encourage adoption. --- Would you like to proceed with this feature design or add any additional specifications?

Support SSO SAML identity providers so a user authenticates with the provider and uses this authentication to gain access to HacWare. On October 3rd an MSP customer, requested Microsoft Entra SSO to be included in the list of SAML providers. See more here - https://learn.microsoft.com/en-us/entra/identity-platform/single-sign-on-saml-protocol

The Reports are automatically redirected to the login page or partner portal in the Brave browser.

LMS Improvement suggestion: Please stop the videos from playing a preview whenever they show up. It slows the site down a ton and makes it very frustrating to use. It also doesn't provide anything of benefit to have them play a few seconds of the video.

The most common feedback we are getting from clients is that the Hacware report button in Outlook/ Outlook Web is different to the M365 'Report Message' button as detailed here: https://learn.microsoft.com/en-us/defender-office-365/submissions-users-report-message-add-in-configure Our clients only want one button to report emails, which makes sense - they should not have to guess if an email is a real phishing email and report to M365 (and integrated anti-spam), or if it is a simulated phishing email and therefore choose the Hacware report button. At the end of the day, we (the provider) end up getting tickets asking if the email is ok, or what report button they should select. Can you please enable the ability to use the M365 report button - clients are already using this button to report emails, the button integrates with services like Avanan, and it will help to avoid a lot of confusion.

The Phish Reporter should work on unread messages to avoid having the users open the email messages. I am submitting this request on a Gmail/Google Workspace customer's behalf.

The site admin can either manually add their users to this group or they can add users via the API.

Teach users to use only one button BUT it goes to a place like Ironscales since they will handle phishing security issues or emails