Integration ServiceNow and Microsoft Phishing Attack Simulation
09-08-2022 10:26 AM
New to cybersecurity and just really learning ServiceNow. In the CISO office, I have taken over the Microsoft Phishing Attack Simulation available through MS 365 Defender. Currently in our Outlook, we have a button (via Defender, I believe) that allows users to click it to report junk and suspicious emails. It is currently integrated such that when the button is clicked, pertinent info about the email and headers is reported along with a copy of the email .msg file. It's routed to Defender as an alert, of course, and to ServiceNow as an Incident phishing ticket.
Currently, we are flooded with tickets that deal with the simulation. Which is a good thing because that means users within the organization are reporting suspicious emails. However, sifting through the simulation tickets and separating them from legit reported concerns is time-consuming.
Is there a way that when it's routed to ServiceNow, there is a table of sorts to check the sender address in the attachments (email .msg file) or within the ticket text so that if the address is in the table, ServiceNow will auto-resolve the ticket and tag it as part of the simulation?
- Labels: Orchestration
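The lookup asked about above, sketched in plain JavaScript as an added example (not part of the original post, and not ServiceNow or Microsoft code). It goes one step beyond a sender-table match: because the From address can be spoofed, a listed sender is auto-resolved only when the organisation's own gateway recorded `dmarc=pass`, otherwise the ticket stays in triage. Assumptions: the ticket text carries the reported email's raw headers, and the sender table, the authserv-id `mx.corp.example`, and the function and tag names are all hypothetical.

```javascript
// Constructed values (assumptions): in ServiceNow the sender list would live in
// a custom table, and TRUSTED_AUTHSERV is your own mail gateway's authserv-id.
const SIMULATION_SENDERS = new Set(['training@phish-sim.example']);
const TRUSTED_AUTHSERV = 'mx.corp.example';

// Parse the header block (up to the first blank line) into name -> [values].
function parseHeaders(text) {
  const block = text.split(/\r?\n\r?\n/)[0].replace(/\r?\n[ \t]+/g, ' '); // unfold
  const headers = Object.create(null); // no prototype, so odd header names are harmless
  for (const line of block.split(/\r?\n/)) {
    const m = /^([!-9;-~]+):\s*(.*)$/.exec(line);
    if (!m) continue;
    const name = m[1].toLowerCase();
    (headers[name] = headers[name] || []).push(m[2].trim());
  }
  return headers;
}

// Decide whether a reported email is a simulation message or needs an analyst.
function classifyReport(ticketText) {
  const h = parseHeaders(ticketText);
  const from = h['from'] || [];
  if (from.length !== 1) return { action: 'triage', reason: 'missing or duplicate From' };
  const m = /<([^<>\s]+@[^<>\s]+)>/.exec(from[0]) || /([^\s<>]+@[^\s<>]+)/.exec(from[0]);
  if (!m) return { action: 'triage', reason: 'unparseable From' };
  if (!SIMULATION_SENDERS.has(m[1].toLowerCase()))
    return { action: 'triage', reason: 'sender not in table' };
  // From is attacker-controlled; trust it only when our own gateway recorded dmarc=pass.
  const authOk = (h['authentication-results'] || []).some((v) =>
    v.toLowerCase().startsWith(TRUSTED_AUTHSERV + ';') && /\bdmarc=pass\b/i.test(v));
  if (!authOk) return { action: 'triage', reason: 'listed sender without dmarc=pass' };
  return { action: 'auto_resolve', tag: 'phishing_simulation', reason: 'listed sender, dmarc=pass' };
}

// Constructed sample reports: a genuine simulation mail and a spoof of its sender.
const mail = (auth) => [
  'From: "IT Training" <training@phish-sim.example>',
  'Authentication-Results: mx.corp.example; spf=pass;',
  ' ' + auth + ' header.from=phish-sim.example',
  'Subject: Password expiry notice', '', 'Click here to keep your account.',
].join('\r\n');
const SIMULATED = mail('dmarc=pass');
const SPOOFED = mail('dmarc=fail');

console.log(classifyReport(SIMULATED).action, classifyReport(SPOOFED).action);
```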