SaaS Attack Matrix: Understand how modern attackers operate | Learn more →

Ready to help

The Push chatbot


If we’re doing our job well, you’ll start to think of the Push chatbot as your online guardian. The Push chatbot is designed to message you only when we find a potential security risk with your work apps.

If that happens, we’ll send you a short, easy-to-understand message that includes guidance on how to resolve the issue.

ChatOps topics: mail rules - example message
An example ChatOps message an employee would receive if a suspicious mail rule is created in their inbox

Most of the time, you should forget we even exist.

How does it work?

If your company uses the Push chatbot, you’ll receive messages in either Slack or Microsoft Teams from the Push Security app.

Chatbot - Slack - employee docs - 20230127

Messages are sent privately to you as a direct message. They include a short description of the issue we found, such as a weak password, and a link to a help article if you’d like to learn more about why we contacted you or how to resolve the issue.

Some issues can be resolved in a single step, like confirming you recognize a mail forwarding rule you just created, and you can do that by clicking a button in the chat message.

Other issues may require a few more steps, like changing an easily guessable password.

If you don’t have time to fix the issue right away, ask the chatbot to remind you again later. We won’t bother you outside of work hours with the rare exception of a scenario where you’re using work apps after-hours and we find an issue. In those cases, we’ll message you right away instead of waiting for your next day’s working hours.

The improvements you make will show up on a dashboard so your security team can see you've fixed the issue and let you get on with your work.

What messages will I get?

Depending on how your security team has configured Push, you could get chat messages on the following topics:

  • Enroll your browser: A one-time setup task to enroll your browser in Push by installing the browser extension anywhere you access work apps.

  • Verify if a mail forwarding rule is legitimate: A quick check to make sure you created a mail rule that forwards company email to an external domain. External mail forwarding is sometimes used by attackers to intercept and steal company information.

  • Improve a password: If Push notices that you use a password that’s easy to guess, that’s shared across multiple apps, or that has been exposed in a data breach, we’ll message you and ask you to improve it.

  • Register for MFA: If you don’t use multi-factor authentication (MFA), we may message you to take a few minutes to set it up for your primary work account, either Microsoft or Google. MFA helps protect your account from unauthorized access.

  • Remove an unused integration: If you have an app connected to your Google or Microsoft work account that hasn't been used in a while, we'll ask you to confirm whether you still need it, or you can remove it right from the chat message.