InsightPhish is Rapid7's phishing identification, analysis, and simulation solution. InsightPhish enables your organization to report suspected phishing attacks and lets your security team simulate internal phishing campaigns to improve resiliency. The goal is to help your organization learn to identify the key indicators of a phishing attack so that instead of interacting with phishing messages, your users report them. Streamlined reporting and analysis tools enable you to quickly identify and respond to reported campaigns that are underway.
To help achieve these goals, InsightPhish serves two key use cases:
- Review - Review lets your organization easily report suspicious looking emails to your security team so they can investigate and determine if the email poses a legitimate threat. It eliminates noise so you can focus on responding to real phishing threats and reduces the amount of effort and time it takes to investigate, analyze, and respond to reports of phishing attempts.
- Simulate - Simulate generates authentic looking phishing attacks, which enables you to evaluate and improve your organization's ability to detect and handle malicious emails. You can track your organization's performance over time to determine the effectiveness of your security training programs and learn how you can implement additional educational measures to improve awareness.
The first thing you need to do is create an InsightPhish account. Go here to sign up. After you sign up, you'll receive an email that will let you create a password for your account.
Already have an account? Great! Let's log in to InsightPhish.
To access InsightPhish, go to https://insight.rapid7.com/ and log in with your InsightPhish account credentials.
Now that you've logged in to InsightPhish, you're ready to set up and customize your experience. Here's what you'll need to do next:
- Set up your Review Queue to start receiving reported phishing emails
- Verify your domain so you can simulate phishing campaigns
- Whitelabel your domain so you can send emails for your phishing campaigns
After you've completed these steps, you'll be ready to start simulating campaigns and reviewing any potentially real reported threats.