With AI Guardian Premium enabled you can access AI Guardian Dashboard to configure specific action for each AI Guardian Policy.

Note: this feature is not available with AI Guardian Standard. Read our Knowledge Base article AI Guardian Premium Overview to know more about AI Guardian Premium.

Logging Into Dashboard

AI Guardian Dashboard can be accessed from your HostPilotĀ® Control Panel in Services > Email Protection Premium > AI Guardian > AI Guardian Dashboard. This will open new tab in the browser and you will be automatically logged into the portal.

PortalLogin

In the portal navigate to Policies tab. You will see a list of pre-configured Inbound and Outbound policies.

Policies

Clicking on a policy name will show the priority level and statistic information.
Note: priority level is assigned automatically depending on the severity of the threat and cannot be changed.

PolicyInfo

Inbound Policies

Default Inbound policies include several categories:

Business Email Compromise (BEC)

  • Social Engineering: This policy identifies generic business email compromise incidents.
  • Ransomware: This policy identifies crimes in which hackers first hold something valuable as hostage from a person or organization (e.g. - via the encryption of digital data or of a computer). The hacker then tells the victim that the valuable object(s) will not be returned until certain demands - usually financial - are met.
  • Extortion: This policy identifies crimes in which a hacker threatens a person or organization with some sort of harm such as the exposure of sensitive or personal information unless a victim meets certain - usually financial - demands.
  • Payroll Fraud: Attacker fraudulently requests a change in direct deposit information to steal from an employee.
  • Payment Fraud (Internal): Attacker poses as an internal entity to request fraudulent payment.
  • Payment Fraud (External): Attacker poses as a vendor, partner, or other external entity to request fraudulent payment. Vendor email compromise falls under this category.
  • Impersonation: VIP (Requesting Gift Card): The attacker impersonates a VIP/exec to send emails that request gift cards from the victim.

Spear Phishing

  • Impersonation: VIP: The attacker impersonates a VIP/exec to send emails that request some action from the victim (for instance, sharing personal information).
  • Impersonation: Employee: The attacker impersonates an internal employee to engage with the victim.

Credential Phishing

  • Phish URL (Mail Body): Emails containing a URL that harvests personal information from the victim.
  • Phish URL (Attachment): Emails containing attachments with a URL that harvests personal information from the victim.

Outbound Policies

Outbound Data Loss Prevention will help to detect PII/PCI violations disclosed through emails sent outside of your organization. Default Outbound categories include:

  • PCI Bank Account Number: Employee discloses bank account details within email content to an external entity.
  • PCI Credit Card Number: Employee discloses credit card number within email content to an external entity.
  • PCI IBAN: Employee discloses IBAN details within email content to an external entity.
  • PCI Routing Number: Employee discloses routing number within email content to an external entity.
  • PII Passport: Employee discloses passport number within email content to an external entity.
  • PII Social Security Number: Employee discloses social security number within email content to an external entity.
  • PII Tax Number: Employee discloses tax number within email content to an external entity.

Policy Actions

If the email falls into any of these categories, the policy will be triggered and the email will be treated according to the configured action for the policy. Possible actions are:

  • No Action: incidents will appear in the AI Guardian Overview Dashboard and the incidents pages, but there will be no action taken on any end user emails across your organization.
  • Subject Tag: email will be delivered with custom tag in the message subject
  • Body Tag: email will be delivered with custom tag in the message body
  • Label: email will be delivered with the label marking it as suspicious
  • Quarantine: email will be delivered to Junk email folder
  • Delete: email will be deleted from the users' mailboxes and sent to Admin Quarantine

Note: by default Ransomware, Extortion and Credential Phishing policies are enabled with Body Tag action with the default text applied:

  • Extortion and Ransomware:
    Potential threat warning - This email looks like could be threatening you with a potentially harmful action/fee - Be cautious clicking on any links/attachments, check the sender's email address, if you believe this to be legitimate, contact your IT team.
  • Phishing:
    Potential phishing warning -This email looks like it could trick you into sharing your credentials with a fake party. Please be cautious when clicking any links in this email or its attachments and check the sender's email address. If in doubt, contact your IT team.

Other policies are enabled in No Action state.

You can configure specific action for each policy by selecting the policy and clicking on the pencil icon under Actions tab.

ConfigureActions

Note: the policies are applied for all emails for all the users on the account.

VIP List

Several policies such as Impersonation: VIP and Impersonation: VIP (Requesting Gift Card) requires VIP List to be configured. It can be found in AI Guardian Dashboard > VIP List.

VIPList

Any existing Exchange user can be added into the VIP list. Once users are added VIP policies will be able to detect threats and selected policy action will be applied for potentially harmful emails sent to users listed as VIP.