True Positive makes it easy to create cases from inbound emails.
For example, you might want to create a case from your phishing case template for every email that's sent to firstname.lastname@example.org.
The way it works is that you generate a random inbound email address, ending in
email@example.com, in the web console. Whenever you send an email to this inbound address, we create a case in your True Positive instance and attach the original email.
Then you can create a forwarding rule to forward emails from firstname.lastname@example.org to your generated inbound address.
Generate an inbound address
To get started, visit Manage > Integrations.
Now, click "Create an inbound address".
Cases created from emails sent to your inbound address will be initialized with the case template you choose and will be marked as created by the default creator you choose.
Create your first case via email
Now, copy your generated inbound address and send an email, any email, to it. You can include the inbound address as one of several recipients, or add it to the CC or BCC fields.
In under a minute, you should receive an email with a link to your newly created case. We also attach the original email as a file to the created case, and add a comment to the case, indicating it was created via email.
You won't be able to access the created case unless you're:
(1) the inbound address's default creator
(2) or one of the inbound address's case template's default users
(3) or a member of one of the inbound address's case template's default groups
Forward emails from an existing mailbox
We don't recommend, and haven't tested, aliasing a corporate email to a generated inbound address, as doing this will prevent you from replying to emails you receive.
Now, you probably don't want to tell your employees to forward phishing emails to
IcvpWN7Ek5nFR7rd9NTz@inbound-cases.truepositive.app. You want to have them send emails to
To accomplish this, simply set up a forwarding rule to forward emails from your
email@example.com mailbox to your generated inbound address.
And here's how you set up a forwarding rule with Outlook (using the web app).
Your rules should look something like this once you're done:
Another email provider
You can use any other email provider, not just Gmail and Outlook -- just find and follow the instructions for setting up forwarding rules for your specific provider.
Caveat: Your email provider must attach an X-Forwarded-To header to emails that it forwards.
For example, say you set up a forwarding rule from
Then all emails sent to
firstname.lastname@example.org include an
X-Forwarded-To header which contains
If your email provider doesn't do this, email us -- we'll add support for your provider.
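One way to check the caveat above against a message your provider has forwarded (an added example, not True Positive's own code): save the forwarded message as a .eml file and list any X-Forwarded-To values it carries. The sample message, its addresses and the header value in it are constructed for illustration.

```python
"""Check whether a forwarded message carries an X-Forwarded-To header."""
import sys
from email import policy
from email.parser import BytesParser
from email.utils import getaddresses

HEADER = "X-Forwarded-To"

# Constructed sample; the addresses and header value are assumptions.
SAMPLE_WITH = (
    b"Delivered-To: cases@inbound.example\r\n"
    b"X-Forwarded-To: cases@inbound.example\r\n"
    b"From: Alice <alice@corp.example>\r\n"
    b"To: phishing@corp.example\r\n"
    b"Subject: Suspicious invoice\r\n"
    b"\r\n"
    b"See attachment.\r\n"
)
# Same message as a provider that adds no forwarding header would deliver it.
SAMPLE_WITHOUT = SAMPLE_WITH.replace(
    b"X-Forwarded-To: cases@inbound.example\r\n", b""
)


def forwarded_to(raw: bytes) -> list[str]:
    """Return every address in X-Forwarded-To headers (empty list if absent)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw, headersonly=True)
    # Header lookup is case-insensitive; multi-hop forwards may add several.
    values = [str(v) for v in msg.get_all(HEADER, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]


def report(raw: bytes) -> str:
    """Summarise whether the message meets the forwarding-header caveat."""
    addrs = forwarded_to(raw)
    if not addrs:
        return f"MISSING: no {HEADER} header on this message"
    return f"OK: {HEADER} present -> {', '.join(addrs)}"


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a saved .eml file
        with open(sys.argv[1], "rb") as fh:
            print(report(fh.read()))
    else:
        print(report(SAMPLE_WITH))
        print(report(SAMPLE_WITHOUT))
```

Run it with the path to a saved .eml file as the only argument; with no argument it reports on the two constructed samples.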
Update an inbound address
Click an inbound address's title to open a drawer, like in the screenshot above, where you can update the inbound address.
Delete an inbound address
Simply click the trash icon next to the appropriate inbound address to delete it.