CPC H04L 63/1483 (2013.01) [G06F 16/9035 (2019.01); G06Q 10/107 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)]
42 Claims
1. A method comprising:
determining, via an application programming interface, that a first email is present in a mailbox to which employees of an enterprise are able to forward emails deemed suspicious for analysis, and in response to determining that the first email is present in the mailbox, determining whether the first email is representative of a threat to the enterprise based at least in part by applying a trained model to the first email; and
in response to establishing that the first email represents a threat to the enterprise:
generating a record of the threat by populating a data structure with information related to the first email; and
applying the data structure to inboxes of a plurality of the employees to determine whether the first email is part of a campaign, and in response to determining that the first email is part of a campaign, applying the data structure as a filter to inbound emails addressed to the employees.
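The steps of claim 1 that follow a threat determination (record the threat, sweep employee inboxes for a campaign, then filter inbound mail) can be sketched as below. This is an added example, not code from the patent or its assignee. The record fields, the matching rule, the `min_recipients` threshold, and all sample messages are assumptions. The trained-model step is taken as already done, and the reported message is assumed to be the unwrapped original.

```python
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PREFIX_RE = re.compile(r"^\s*(?:(?:re|fwd?)\s*:\s*)+", re.I)

@dataclass(frozen=True)
class ThreatRecord:  # hypothetical fields; the claim does not enumerate them
    sender: str
    subject: str
    urls: frozenset

def build_record(raw: str) -> ThreatRecord:
    """Populate a record from a single-part, plain-text message (assumption)."""
    msg = message_from_string(raw)
    urls = (u.lower().rstrip(".,)") for u in URL_RE.findall(msg.get_payload()))
    return ThreatRecord(
        sender=parseaddr(msg.get("From", ""))[1].lower(),
        subject=PREFIX_RE.sub("", msg.get("Subject", "")).strip().lower(),
        urls=frozenset(urls),
    )

def matches(record: ThreatRecord, raw: str) -> bool:
    """Match on any shared URL, or on sender and subject together."""
    other = build_record(raw)
    if record.urls & other.urls:
        return True
    return bool(record.sender) and (record.sender, record.subject) == (other.sender, other.subject)

def find_campaign(record, inboxes, min_recipients=2):
    """Sweep inboxes; min_recipients is an assumed campaign threshold."""
    hit = sorted(who for who, msgs in inboxes.items() if any(matches(record, m) for m in msgs))
    return len(hit) >= min_recipients, hit

def filter_inbound(record: ThreatRecord, raw: str) -> str:
    """Apply the record as a filter to one inbound message."""
    return "quarantine" if matches(record, raw) else "deliver"

def mail(frm, subj, body):  # builds the constructed sample messages below
    return f"From: {frm}\nSubject: {subj}\n\n{body}\n"

URL = "https://payroll-update.example/login"  # constructed, not a real indicator
REPORTED = mail("IT Desk <helpdesk@payroll-update.example>", "Fwd: Verify payroll", f"Sign in at {URL} now.")
INBOXES = {  # constructed employee inboxes
    "alice": [mail("helpdesk@payroll-update.example", "Verify payroll", f"Sign in at {URL} today.")],
    "bob": [mail("hr@corp.example", "Holiday schedule", "See https://intranet.corp.example/holidays")],
    "carol": [mail("notice@other-sender.example", "Payroll notice", f"Visit {URL}.")],
}
RECORD = build_record(REPORTED)
```

Matching on a shared URL catches the message in carol's inbox even though its sender and subject differ from the reported one, which a sender-only filter would miss.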