Managed Security Awareness Initial Setup - Step 3
Updated Sep 15, 2023Add the MA IP address to Google Workspace allowlists
Use Google Workspace® to allowlist the MA program IP address and headers and any applicable third-party IP addresses that are used during spam filtering. This could be a static IP address or a range of IP addresses that are assigned to you by your third-party provider.
Before you begin
- Complete Step 2: Add MA to email gateway and spam filtering allowlists.
- Obtain the MA IP address to allowlist. To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Unified Portal, and then click Help > Allowlist Requirements. The IP addresses that must be allowlisted are listed under Security Awareness Training.
- If applicable, obtain the static IP address or range of IP addresses from your third-party provider.
Steps
- Allowlist the MA IP address.
- Configure header filtering.
- Add custom spam filter for MA Phishing Simulation emails.
Step 1: Allowlist the MA IP address in Google Workspace
-
Sign in to the Google Admin console.
-
Click Apps > Google Workspace.
-
Click Gmail.
-
Click Spam, phishing and malware.
-
On the left pane, select the domain for your organization.
-
On the Spam, phishing and malware tab, do one of these actions:
- Scroll to the Email whitelist setting.
- In the search field, enter
Email whitelist
.
-
In the Email Allow List field, enter the MA IP address.
-
Click Save.
Note: It can take up to 24 hours for your changes to take effect.
Step 2: Configure header filtering in Google Workspace
-
Sign in to the Google Admin console.
-
Click Apps > Google Workspace.
-
Click Gmail.
-
Click Compliance to expand it.
-
In the Objectionable Content section, click Configure.
-
Click Name the content > Inbound > Add custom headers.
-
Enter the header values for MA.
-
Select Bypass spam filter for this message
-
Click Save.
Note: It can take up to 24 hours for your changes to take effect.
-
Make sure your settings work correctly. Send a test MA phishing simulation email to yourself or admins:
-
In the MA Portal menu, click Administration Dashboard.
-
Click the User Information tab.
-
In the Search field, enter the name of an MA administrator, and then press Enter.
-
Locate the user in the list, and then click Assign Session.
-
On the Assign Session page, in the Search field, enter
Phishing simulation
. -
In the list of search results, select a phishing simulation to use for testing, and then click Assign.
Tip: Arctic Wolf recommends assigning the phishing simulation titled Friendsgiving Celebration or Commonwealth Games Viewing Parties for this test.
-
Check if the test MA phishing simulation email is in your inbox. If the email is:
- In your inbox — Your settings are correct. Continue with the next procedure.
Tip: You can also verify that the percentage in the Secure Culture Dashboard under Phishing Simulation is at 0%, indicating no false positives.
- Not in your inbox — Submit a ticket in the Arctic Wolf Portal for assistance.
- In your inbox — Your settings are correct. Continue with the next procedure.
-
Step 3: Add custom spam filter for MA Phishing Simulation emails
-
Sign in to the Google Admin console.
-
Click Apps > Google Workspace.
-
Click Gmail.
-
Click Spam, Phishing and Malware.
-
In the Spam section, click ADD A RULE.
The Add setting window opens.
-
In the Required: enter a short description that will appear within the setting's summary field, enter a rule description.
-
In the Options to bypass filters and warning banners section, do these steps:
-
Select Bypass spam filters for internal senders.
-
Select Bypass spam filters for messages from senders or domains in selected lists.
-
Click Create or edit list to add one or more allowed MA Phishing Simulation domains.
The Manage address lists window opens.
-
-
Click ADD ADDRESS LIST.
-
In the Name field, enter
Arctic Wolf MA Phishing Domains
. -
Click BULK ADD ADDRESSES.
The Bulk add addresses window opens.
-
Copy the language specific phishing domain list for your organization.
English:
arcticwolf.com, automated-mailsender.com, mail-donotreply.com, humanresources-mailer.com, internal-humanresources.com, helpdesk-itsupport.com, internalcorporate-mailer.com, securityalert-corporate.com, corporate-alert.com, itsupport-corporate.com
Deutsch:
arcticwolf.com, mitarbeiter-helpdesk.de, unternehmenssicherheit-alarm.de, itsupport-mitarbeiter.de, admin-hinweis.de
-
Paste the domain list in the Enter comma or space delimited email addresses or domain names field.
-
Click ADD, and then click SAVE.
Note: It can take up to 24 hours for your changes to take effect.
-
Make sure your settings work correctly. Send a test MA phishing simulation email to yourself or admins:
-
In the MA Portal menu, click Administration Dashboard.
-
Click the User Information tab.
-
In the Search field, enter the name of an MA administrator, and then press Enter.
-
Locate the user in the list, and then click Assign Session.
-
On the Assign Session page, in the Search field, enter
Phishing simulation
. -
In the list of search results, select a phishing simulation to use for testing, and then click Assign.
Tip: Arctic Wolf recommends assigning the phishing simulation titled Friendsgiving Celebration or Commonwealth Games Viewing Parties for this test.
-
Check if the test MA phishing simulation email is in your inbox. If the email is:
- In your inbox — Your settings are correct. Continue with the next procedure.
Tip: You can also verify that the percentage in the Secure Culture Dashboard under Phishing Simulation is at 0%, indicating no false positives.
- Not in your inbox — Submit a ticket in the Arctic Wolf Portal for assistance.
- In your inbox — Your settings are correct. Continue with the next procedure.
-