
ChatOps: Ask the rule owner

The most valuable input when triaging a potentially suspicious rule is from the rule owner themselves. If the rule owner recognises the rule, chances are it wasn't created maliciously. If the rule owner doesn't recognise the rule, you should immediately be suspicious.

You can use the ChatOps automation to ask a rule owner whether they recognise a potentially suspicious rule when it is first seen by the Push platform. Since the Push platform will message users shortly after rule creation, the rule should be fresh in their mind if they created it.

Users will be shown the key details of the rule and asked if they recognise it, don't recognise it, or are not sure, as shown below:

[Image: Auto-ask user automation]

User responses are immediately reflected in the Push platform, so by the time you log in to triage the rule, you have the most useful input ready and waiting.

You can also choose to have the Push platform automatically disable the rule on Microsoft 365 if the user doesn't recognise it or is not sure. This minimises impact without any intervention from you and buys you time whilst you investigate.

© Push 2022. All rights reserved.