How to use Email Quarantine Automation (EQA)?
Written by Soumalya Mitra
Updated over a week ago

With Email Quarantine Automation (EQA), the admin can identify and remove emails from their employees' inboxes if they don't match certain criteria.

You can use EQA for the following:

Create a query for email quarantine automation

A company admin can create a new query in two ways.

Create query through PhishArm

  1. Identify the email which you want to report.

  2. After you've identified the suspected phishing email, report it using the PhishArm browser extension. Then click Report this Email.


  3. Now, navigate to PhishArm > Reported Emails in the left navigation bar. All the reported emails appear here.

  4. Click on the email you just reported. You will be taken to a page that provides detailed information about the reported email.

  5. Click Quarantine to quarantine the email. The Email Quarantine Automation (EQA) query modal will appear.

  6. In the Query For Email Quarantine Automation pop-up, you can either type or edit the following fields:

    1. Query Name- A unique identifier of the search query.

    2. Subject- The subject of the email you want to identify and match.

    3. Sender Email- The email address of the sender you want to identify and match.

    4. Search Folder- The folder name in the email inbox where EQA should look for emails matching the search query.

    5. Platform- The email platform where the query will search for emails. This is an uneditable field and is selected by default based on the email integration configured in the EQA.

    6. Body- The body of the email you want to identify and match.

    7. Matching Criteria- You can choose to search for emails that match all the above conditions or that match any condition.

Create query through EQA

  1. Navigate to EQA > Query > Create New.

  2. In the Query For Email Quarantine Automation pop-up, type your details in the following fields:

    1. Query Name- A unique identifier of the search query.

    2. Subject- The subject of the email you want to identify and match.

    3. Sender Email- The email address of the sender you want to identify and match.

    4. Search Folder- The folder name in the email inbox where EQA should look for emails matching the search query.

    5. Platform- The email platform where the query will search for emails.

    6. Body- The body of the email you want to identify and match.

    7. Matching Criteria- You can choose to search for emails that match all the above conditions or that match any condition.

  3. Click Save and Execute Query. If you want to execute it later, click Save Search Query.

Run the query to identify all the emails in the employees' inboxes that match the query

  1. If you choose to Save and Execute Query, the query will be executed immediately. The query status will be displayed as Queued (for a short period of time) if there are multiple queries. After the queued query is complete, its status changes to Completed.

  2. If you choose to Save Search Query, it'll get added to the list of queries. You can then choose to either:

    1. View the query you have created. Please note that you can't edit the query once created.
      OR

    2. Execute the query. On execution, the query will search the inboxes of employees for all emails matching the parameters in the query.

Take subsequent action on the emails identified after running the query

  1. After a query changes to the Completed status, the user can do the following:

    1. View the query you have created. Please note that you can't edit the query once created.

    2. Execute the query. On execution, the query will search the inboxes of employees for all emails matching the parameters in the query.

    3. View Details. This lists all the emails that matched the query.

  2. Once a query is executed and completed, the user can click on Action and take the following actions on the emails which matched the query:

    1. Quarantine Selected: This option will move all the selected emails to the Quarantine folder in the users' inboxes.

    2. Quarantine All: This option will move all the matched emails in the list to the Quarantine folder in the users' inboxes.

    3. Restore Selected from Quarantine: This option will move the selected email from the Quarantine folder and restore it back to the inbox.

    4. Restore All from Quarantine: This option will move all the emails from the Quarantine folder and restore them back to the inbox.

    5. Delete Selected: This option will permanently delete the selected emails and remove them from the users' inboxes.

    6. Delete All: This option will permanently delete all the matched emails in the list and remove them from the users' inboxes.

Note: The Delete Selected and Delete All options appear only if the user has enabled them in the Configuration tab, as shown below.

Enable Delete option - If this option is enabled, the admin will be able to delete an email that matches the query from an employee's inbox. Use this feature with care, as deleted email(s) cannot be recovered.

Enable Email Filtration - If this feature is enabled, the whitelisted domain(s) will be excluded from the query search results. It is useful when you run phishing simulation campaigns and want such emails to reach the employees' inboxes.
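
The effect of Matching Criteria and Enable Email Filtration on a result set, as an added Python sketch that is not PhishArm code. Case-insensitive substring matching on subject and body, exact sender comparison, and every name and sample message here are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Query:
    subject: str = ""
    sender: str = ""
    body: str = ""
    match_all: bool = True  # True = "all conditions", False = "any condition"

# Constructed sample inbox (not real messages; reserved example domains).
INBOX = [
    {"id": 1, "from": "billing@payro11-example.test",
     "subject": "Action required: payroll update",
     "body": "Confirm your bank details at the link below."},
    {"id": 2, "from": "hr@corp.example",
     "subject": "Payroll update for March",
     "body": "Payslips are available on the intranet."},
    {"id": 3, "from": "sim@phish-training.example",
     "subject": "Action required: payroll update",
     "body": "Confirm your bank details at the link below."},
]

def _contains(needle, haystack):
    return needle.lower() in haystack.lower()

def matches(q, msg):
    # Only the fields the admin filled in take part in the comparison.
    checks = []
    if q.subject:
        checks.append(_contains(q.subject, msg["subject"]))
    if q.sender:
        checks.append(msg["from"].lower() == q.sender.lower())
    if q.body:
        checks.append(_contains(q.body, msg["body"]))
    if not checks:
        return False  # an empty query must not match every message
    return all(checks) if q.match_all else any(checks)

def run_query(q, inbox, whitelisted_domains=()):
    allowed = {d.lower() for d in whitelisted_domains}
    hits = []
    for msg in inbox:
        domain = msg["from"].rsplit("@", 1)[-1].lower()
        if domain in allowed:
            continue  # filtration: whitelisted sender domains are excluded
        if matches(q, msg):
            hits.append(msg["id"])
    return hits
```

In this constructed inbox the "any" setting also returns the legitimate HR message, which is why the list under View Details is worth reviewing before Quarantine All or Delete All.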
