FortiSOAR Discussions
Anonymous

FortiSOAR's Phishing Email Triage Based On ML Classifier

The FortiSOAR Phishing ML Classifier, available within the Recommendation Engine, aids in predicting phishing emails with a confidence score ranging from 0 to 100%. This classifier is trained on a substantial dataset of publicly available phishing email samples, allowing it to effectively predict new phishing emails with confidence.

This solution package includes an add-on playbook that enables users to set a confidence threshold. Based on this threshold, it offers the flexibility to fine-tune how alerts are handled. For instance, you can use the provided example, which suggests elevating the alert severity when the prediction confidence for an email being a phishing attempt exceeds 90%. This template can be extended to perform various actions such as assigning tasks, changing statuses, moving emails to different queues, or triggering additional investigation playbooks.

The "Phishing Email Triage Based on ML Classifier" solution pack showcases various scenarios and triage playbooks for handling phishing emails, leveraging information obtained from the email server. These playbooks assist in efficiently triaging phishing emails. You can employ the FortiSOAR Phishing Classifier connector to classify phishing emails within this framework.
