Managed Security Awareness Initial Setup - Step 3

Updated Feb 1, 2024

Add the MA IP address to Google Workspace allowlists

You can use Google Workspace® to allowlist the MA program IP address and headers, and any applicable third-party IP addresses that are used during spam filtering. For example, a static IP address or a range of IP addresses that are assigned to you by your third-party provider.

Requirements

Before you begin

Steps

  1. Allowlist the MA IP address.
  2. Add a custom spam filter for MA Phishing Simulation emails.
  3. Configure header filtering in Google Workspace.

Step 1: Allowlist the MA IP address in Google Workspace

  1. Sign in to the Google Admin console.
  2. In the menu, click Apps > Google Workspace > Gmail.
  3. Click Spam, phishing and malware.
  4. In the navigation menu, select the domain for your organization.
  5. On the Spam, phishing and malware tab, do one of these actions:
    • Scroll to the Email allowlist setting.
    • In the search field, enter Email allowlist.
  6. In the Email Allow List field, enter the MA IP address.
  7. Click Save.

    Note: It can take up to 24 hours for your changes to take effect.

Step 2: Add a custom spam filter for MA Phishing Simulation emails

  1. In the Google Admin console menu, click Apps > Google Workspace > Gmail.

  2. Click Spam, Phishing and Malware.

  3. In the Spam section, click Add a rule.

    The Add setting window opens.

  4. In the Required: enter a short description that will appear within the setting's summary field, enter a description for the rule.

  5. In the Options to bypass filters and warning banners section, complete these steps:

    1. Select Bypass spam filters for internal senders.

    2. Select Bypass spam filters for messages from senders or domains in selected lists.

    3. Click Create or edit list to add one or more allowed MA Phishing Simulation domains.

      The Manage address lists window opens.

  6. Click Add address list.

  7. In the Name field, enter Arctic Wolf MA Phishing Domains.

  8. Click Bulk add addresses.

    The Bulk add addresses window opens.

  9. Based on your preferred language, copy one of these phishing domain lists:

    • English:
      arcticwolf.com, automated-mailsender.com, mail-donotreply.com, humanresources-mailer.com, internal-humanresources.com, helpdesk-itsupport.com, internalcorporate-mailer.com, securityalert-corporate.com, corporate-alert.com, itsupport-corporate.com
    • Deutsch:
      arcticwolf.com, mitarbeiter-helpdesk.de, unternehmenssicherheit-alarm.de, itsupport-mitarbeiter.de,  admin-hinweis.de
  10. In the Enter comma or space delimited email addresses or domain names field, paste the phishing domain list.

  11. Click Add, and then click Save.

    Note: It can take up to 24 hours for your changes to take effect.

  12. Make sure your settings work correctly. Send a test MA phishing simulation email to yourself or admins:

  13. In the MA Portal menu, click Administration Dashboard.

  14. Click the User Information tab.

  15. In the Search field, enter the name of an MA administrator, and then press Enter.

  16. Find the user in the list, and then click Assign Session.

  17. On the Assign Session page, in the Search field, enter Phishing simulation.

  18. In the list of search results, select a phishing simulation to use for testing, and then click Assign.

    Tip: For this test, Arctic Wolf recommends assigning the Customer Complaint or Commonwealth Games Viewing Parties phishing simulation.

  19. Make sure the test MA phishing simulation email is in your inbox. If the email is:

    • In your inbox — Your settings are correct. Continue with the next procedure.

      Tip: In the Phishing Simulation section, if the Secure Culture Dashboard percentage is 0%, you can also use this to verify that there are no false positives.

    • Not in your inbox — Create a ticket in the Arctic Wolf Unified Portal for assistance.

Step 3: Configure header filtering in Google Workspace

  1. In the menu, click Apps > Google Workspace > Gmail.

  2. Click Compliance.

  3. In the Content compliance section, click one of these options:

    • Configure — If you have not configured any content compliance settings.
    • Add another rule — If you have already configured content compliance settings.

    The Add setting window opens.

  4. Enter a short description for the rule, such as Arctic Wolf MSA Header Rule.

  5. Select the Inbound checkbox.

  6. Select If ANY of the following match the message from the expressions list.

  7. In the Expressions section, click Add.

    1. Select Advanced content match from the list.
    2. For Location, select Full headers.
    3. For Match type, select Contains text.
    4. For Content, enter the Arctic Wolf header X-ArcticWolf.
    5. Click Save.
  8. Under Spam, select Bypass spam filter for this message.

  9. Click Save.

    Note: It can take up to 24 hours for your changes to take effect.

  10. Make sure your settings work correctly. Send a test MA phishing simulation email to yourself or admins:

  11. In the MA Portal menu, click Administration Dashboard.

  12. Click the User Information tab.

  13. In the Search field, enter the name of an MA administrator, and then press Enter.

  14. Find the user in the list, and then click Assign Session.

  15. On the Assign Session page, in the Search field, enter Phishing simulation.

  16. In the list of search results, select a phishing simulation to use for testing, and then click Assign.

    Tip: For this test, Arctic Wolf recommends assigning the Customer Complaint or Commonwealth Games Viewing Parties phishing simulation.

  17. Make sure the test MA phishing simulation email is in your inbox. If the email is:

    • In your inbox — Your settings are correct. Continue with the next procedure.

      Tip: In the Phishing Simulation section, if the Secure Culture Dashboard percentage is 0%, you can also use this to verify that there are no false positives.

    • Not in your inbox — Create a ticket in the Arctic Wolf Unified Portal for assistance.

Next steps