Real Time Threats – beta

The Real-Time Threats feed gives security teams immediate visibility into potentially malicious emails and enables them to create phishing simulations and targeted nudges for security awareness programs.

By leveraging live threat data, organizations can deliver highly relevant, contextual interactions with employees and take an unprecedented proactive stance in raising awareness of ongoing attacks.
Bridging the gap between real security data streams and awareness content creation is essential. This capability ensures programs can adapt in real time, equipping employees to recognize and respond to emerging threats as they unfold.

How does it work?

To activate this feature for your organization, please contact your Customer Success Manager representative. When enabled, this feature is accessible via a “Real Time Threats” tab in the Command Center. Here, you can:

View a centralized feed of all reported emails.
See key details for each reported email, including:
- Subject
- Phishing likelihood
- Sender email address
- Reported by (user)
- Reported date
- Social engineering technique
Click any email in the feed to inspect detailed information about the report.
Create an Awareness Nudge using a snapshot of the reported email and send it immediately to users.
Use the reported email inside the Simulation studio to further customise and save as a email simulation asset
Translate the emails or nudge into multiple languages.

This tab is only visible to “root organization” admins inside each tenant, soon, we will be able to “filter” this feed into the tenant’s respective orgs Coming soon

When a user clicks on an item in the Real-Time Threats feed, they will see the complete metadata related to the reported threat. From this view, the user can inspect the original reported email and take one of the following actions:

Create an email template in the Phishing Studio
Create an awareness nudge based on the reported email

When an admin clicks on an item in the Real-Time Threats (RTT) feed, two powerful workflows become available to help turn live threat data into actionable awareness initiatives. First, the admin can generate and send an immediate awareness nudge using details from the reported email, targeting users who may benefit from timely guidance based on actual threats.

Alternatively, the admin can leverage the reported email to create a new email template within the Phishing Studio, allowing it to be customized and saved as an asset for phishing simulation campaigns. This dual approach enables organizations to respond in real time by both educating users and continuously evolving training simulations using authentic, real-world incidents, ensuring awareness programs stay highly relevant and effective.

How to enable it?

Real-Time Threats begins ingesting reported emails from most phishing reporting capabilities, provided the reported email can be forwarded to a dedicated inbox based on a transport rule or similar setup. For example, you can use the Outlook native reporting button or set up alternative reporting choices, as per your organization’s infrastructure. Please refer to the technical documentation for setup steps.
Once the integration is complete, contact your Customer Success representative to activate this feature for your tenant.
After activation, you will see a new “Real Time Threats” tab in the Command Center, giving you access to the threats feed.
You can now start responding to threats and creating assets directly for your organization.

Future improvements: what’s coming soon

Enable self-service configuration: As we transition out of the beta phase, you will be able to enable and configure the Real-Time Threats feature directly through the platform, with step-by-step setup guidance.
Enhanced phishing detection: We are increasing the accuracy and inputs for the “Phishing likelihood” score to more precisely identify phishing attacks.
Improved handling of large emails: The platform will soon support seamless conversion of large emails into assets, ensuring fast and accurate representation of real email threats.
Greater variety of training assets: We will introduce the ability to automatically generate a wider range of training materials, including more diverse nudges and email templates.
Expanded integrations: Integration capabilities will be broadened to support more threat intelligence platforms, security and anti-malware solutions, and IT service management (ITSM) systems.

These enhancements are designed to make Real-Time Threats even more powerful and adaptable, helping organizations strengthen their security awareness programs.

Who can see and have access to the Real time threats feed?

During the beta rollout, visibility and access to the Real-Time Threats feed is restricted to admins of the root organization when the feature is enabled for your tenant. In upcoming releases, we plan to extend access so that each organization within the tenant can view the feed, with controls in place to ensure proper data governance and secure handling of reported emails.

Would I be exposing sensitive data when sending a nudge from a reported email?

OutThink masks any PII or sensitive information, such as names and phone numbers, that might be present in a reported email. This allows customers to safely send awareness nudges to their users without exposing confidential details.