Reported button

[securitygeneration]

It would be nice to add a button that marks a particular user as having reported an email as phishing. While I know the current functionality is designed to be integrated into other reporting tools, the majority of 'reports' are still by email to the IT or security team, and it would be nice to be able to log that within GoPhish for metrics purposes.

[dsmurf]

Where do you want the report button to be?
you can program it in html.

[securitygeneration]

I envisage it should live at the bottom of the user detail timeline. And when you click it, a Reported entry get entered into the timeline, and the button disappears (no point in multiple reports).

[dsmurf]

Ahhh you want a button in the admin panel where a admin can mark that a user reported the mail.
that might be out of my scope.

[securitygeneration]

Yeah. I think this should be fairly trivial to implement.

[jordan-wright]

I like the idea in your screenshot, @securitygeneration. I think this is a good place to put a general "Actions" section that can be populated with various actions, as needed.

For example, in addition to marking the user as reported, I'd like to also offer a button that can re-send the email in the case of errors.

The thing is- I don't want to just have this point to the /report endpoint, since that might be misleading. For example, we collect the user-agent and IP address of the person who hit that endpoint so that might cause the logs to appear mismatched. Instead, I'm considering establishing API endpoints at campaigns/<id>/results/<rid>/report, campaigns/<id>/results/<rid>/resend, etc. We can then find a way in the logs and UI to indicate that an admin manually performed that action on behalf of the user.

Curious to hear y'all's thoughts!

[dsmurf]

Jordan i think this would be awesome,.Would love that.

[securitygeneration]

Resending would indeed be nice to have.

I agree that you'd want to be able to track an email as 'reported' without logging the rest of the info normally captured from the reporting user (IP, user agent, etc).

[mcvic1rj]

@jordan-wright a suggestion for the new report endpoint is to allow it to take a datetime object as well. That way you can insert the event, and have it displayed in the correct location in the timeline.

[dsmurf]

Is there any timeline on this?

[FLX-0x00]

I would love to see the "report" -button in the admin interface. Most customers receive individual phone calls and have to copy the RID from the admin interface and send it to the /report api. A good implementation could be to make the icon <i class="fa fa-times-circle text-center text-muted"></i> clickable in ordner to mark the email as reported directly. I will give it shot and try to implement this on my own. Should be not too hard.

[FLX-0x00]

commited to my fork, works like a charm. feedback welcome

evait-security@91fd9d1

[FLX-0x00]

@jordan-wright since the functionality is added into master the issue can be closed i think =)