Email Security Integrations
Email security integrations capture phishing reports, suspicious email detections, and email threat data to feed into employee risk scores.
Supported Platforms
| Platform | Connection Method | Events Captured |
|---|---|---|
| Microsoft 365 / Defender | Microsoft Graph API | Phishing reports, safe links clicks, threat detections |
| Google Workspace | Gmail API + Admin Reports | Phishing reports, suspicious email events |
| Proofpoint TAP | REST API | Targeted attack events, URL clicks, attachment opens |
| Mimecast | REST API | Threat detections, URL protection events |
| Abnormal Security | REST API | BEC detections, account takeover signals |
Setting Up Microsoft 365
- Navigate to Admin → Integrations → Add Integration
- Select Microsoft 365
- Click Authorize with Microsoft
- Sign in with an account that has Security Reader permissions
- Grant the required API permissions
- Test the connection and activate
Defender for Office 365
For the richest set of email events, Microsoft Defender for Office 365 Plan 1 or higher is recommended. Basic Exchange Online provides limited email security signals.
TidalBay Report Button
TIDALBAY provides a "Report Phishing" button add-in for Outlook and Gmail that employees can use to report suspicious emails:
- One-click reporting from within the email client
- Automatic event creation in TIDALBAY (+10 points for valid reports)
- Email forwarded to your SOC for triage
- Feedback sent to the reporting employee
Events Captured
| Event | Default Impact |
|---|---|
| Phishing email reported | +10 points |
| Malicious link clicked | -20 points |
| Malicious attachment opened | -20 points |
| Credentials submitted on phishing page | -35 points |
| BEC response sent | -15 points |