How do I capture a screenshot during a detection event?

You can configure Push to capture a screenshot when a detection such as a phishing incident occurs.

To enable the collection of screenshots for detections, go to Settings > Advanced > Detection enrichment in the Push admin console and toggle on Capture screenshots.

You can also enable screenshot collection from a detection details slideout on the Detections page.

Once enabled, the Push browser extension will only capture a screenshot of pages that trigger a phishing detection.

Screenshots are intended to enrich the other metadata provided by Push about a detection to help with investigation. Many phishing sites are taken down quickly or are only accessible by the target user. By capturing a screenshot, security teams can see exactly what the user saw.

Note that screenshots are collected only once the setting is enabled; they do not populate retroactively for existing detections.