Introduction
The Graphus setup guide is designed to get you started in Graphus quickly and efficiently. The guide includes the initial setup steps for onboarding your organization. The sections should be performed in the order they are presented.
You can also refer to this guide when onboarding a new customer (sections 4, 5, and 7).
The guide includes the following sections:
Section 1: First-time login
When you are added as a new Graphus user, you will receive a welcome email explaining the steps for creating your password.
-
In the email, click the click here link.
- In the Reset Password modal, create a password, confirm it, and click the Reset button.
- In the Password Reset modal, click the Back to Login button.
-
Login with your username and password.
Section 2: Enabling two-factor authentication
It is recommended that you enable two-factor authentication to add an additional layer of security to your Graphus account.- Authenticator App: This method requires that you download a 2FA authenticator app to your phone. Every time you attempt to log into Graphus, you will be required to enter the authentication code that is generated by your authenticator app. For more information, see the guide Logging in using a two-factor authentication app.
- SMS Verification: This method sends a text message to your cell phone that includes an authentication code. Every time you attempt to log into Graphus, you will be required to enter the authentication code that is sent to your phone.
- On the top menu, click MSP Administration.
- In the navigation menu, click User Management.
- Your name is listed on the Local Users tab. In the Action column, click the Edit icon.
-
On the Update User Details page:
a. Click the Two Factor Authentication toggle to enable it. Authenticator App is automatically selected as the authentication method.
b. If you want to use the SMS Verification method, select the SMS Verification radio button. In the Cellular Number field, enter your cell phone number. - Click the Update User button.
Section 3: Configuring settings on the MSP Administration page
Click the MSP Administration tab to start configuring Graphus. The Global Settings page is selected by default. The Global Settings page allows you to configure default settings for all future organizations you add and apply settings to existing organizations simultaneously.-
Save As Default: Creates a default setting that will be applied when a future organization is created.
-
Apply: Applies the setting to existing organizations that you select.
-
Save as Default And Apply: Applies the setting to new organizations added to Graphus going forward and allows you to apply the setting to existing organizations that you select.
Global Settings - descriptions
- Branding: Customize your Graphus reports by adding your company logo and picking a report header and footer color.
- EmployeeShield Banner: The EmployeeShield banner is an interactive warning banner inserted in the recipient’s email. It allows a recipient to mark an email as safe or unsafe. Under Global Settings, you can manage the look and feel of the banner.
- Whitelisting: Use whitelisting if you want Graphus to skip processing any inbound email with attributes that match the whitelisted parameters. Graphus quarantine and EmployeeShield® functionalities will not be applied to these emails. For more information, see the Whitelisting Feature Guide.
- EmployeeShield® Application on Suspicious and Not Yet Trusted Senders: You can elect when EmployeeShield® banner appears in emails from a new external sender or a sender that has not been trusted yet by Graphus.
- Daily Insights Report: A daily phishing defense report can be generated and emailed to specific recipients.
Section 4: Adding and activating organizations
Adding an organization
To add an organization:
- Click the Organizations tab.
- Click the Add Organization button.
- Complete the Add Organization form. If the Organization Type is Office 365, copy the organization’s Tenant ID in Microsoft Entra ID and paste it into the Azure AD Tenant ID field. Graphus will need the Tenant ID later when activating the organization.
- Click the Add Organization button. The organization is listed on the Organizations page with the Status of Created.
- In the Action column, click Activate and follow the prompts.
After you have completed all activation steps, Graphus will analyze the organization’s email environment to learn its unique communication patterns. This creates a communication fingerprint (TrustGraph) that Graphus uses to detect and quarantine malicious emails. Creating the fingerprint can take 24-48 hours.
Note: When activating an M365 organization's email domain, you can track the progress of the activation in the Activation Progress modal. For more information, see the Graphus Microsoft 365 activation guide.
Section 5: Configuring organization settings
Once a new organization has been activated, you can enable settings that apply to this organization only.
Keep in mind that the settings you configured and saved as the default on the MSP Administration page have already been applied to the new organization.
Organization Settings – descriptions
-
Investigation Functionalities:
Here you can configure investigation tools used in the Investigate modal. Options include determining how users view email content, whether they can download attachments, or if they can use a sandbox. -
Phish911 Configuration:
This setting allows email recipients to report suspicious emails that look like phishing attempts but were not quarantined or did not include a banner. You configure the method by which recipients can report these emails.
It is important that you create a dedicated inbox in your email domain that is only used for this feature. Every email sent to this inbox will trigger the Graphus Phish911 process.
The configuration methods (types) available are:- Graphus: Recipient forwards suspicious emails to the dedicated Phish911 inbox.
- Phishing Awareness Training: Recipient clicks the Phish Alert Report button (plugin from your phishing training solution) in the email.
-
Microsoft 365 Report Phishing: Recipient clicks the Microsoft Outlook Report Message button in the email.
For more information, see the Phish911™ Feature Guide. -
Executive Spoofing Prevention:
Graphus will immediately quarantine any emails that appear to be impersonating the names of executives you enter here. It is recommended you enter an executive’s full name to prevent unwanted quarantines. -
Impersonation Protection for Internal Senders: Graphus will utilize email authentication parameters such as SPF, DKIM and DMARC to block emails sent to your organization that are impersonating the internal domain.
Make sure your email authentication is set up properly before activating this feature. -
EmployeeShield® Banner with Mail Filtering: The EmployeeShield Banner feature can be enabled at the organization level when it's not enabled globally. When enabled globally, organization level settings have priority over global settings.
Additional EmployeeShield Banner settings, such as enabling the banner for specific users, are available at the organization level.
Important: The Graphus Feedback app must be configured for each organization for which you enable the EmployeeShield banner. Configuration will prevent the recipient from being prompted for admin consent when providing feedback via the EmployeeShield banner. For configuration information, see the article EmployeeShield® Banner Settings Guide.
Also, you can enable personal mail filtering at the organization level only. This will allow a recipient to mark an email as junk via a link in the banner. Future emails from a marked junk sender will be blocked for this particular recipient only.
For information, see the articles Enabling the Personal Spam Filter and Managing the Personal Spam Filter. - Quarantine Folder Configuration: Select the folder for which quarantined emails will be moved. The Personal Spam Filter will always move email to the deleted folder.
- Email Notification for Graphus Alerts: For the categories you enable, Graphus will send an email notification to the recipients you specify. For example, if Quarantine is enabled, an email notification will be sent to recipients whenever an email is quarantined. For the other categories, an email will be sent when a banner is applied to an email (EmployeeShield enabled) or when a user reports an email via Phish911 (Phish911 enabled).
- SIEM/Ticketing Integration: Graphus will publish an event to the configured SIEM or ticketing system when it generates an alert for the categories you enable.
-
Whitelisting: Graphus will skip processing any inbound email with attributes that match the whitelisted parameters. No quarantine or EmployeeShield functionalities in Graphus will be applied to such emails.
For more information, see the Whitelisting Feature Guide. -
Organization Mail Filter: Upload a list of junk mail senders that will be blocked for the whole organization.
For information, see the articles Enabling the Personal Spam Filter and Managing the Personal Spam Filter. - Group Protection: Graphus will only protect the users within the group identified by the email address you enter. The group must already exist in M365 or Google. If you are using Phish911, you must add the email address of the dedicated Phish911 inbox to the protected group. Otherwise, Phish911 will not work.
We recommend you configure the following settings at a minimum for each organization:
- EmployeeShield banner
- Phish911 Configuration
- Impersonation Protection for Internal Senders
- Email Notification for Graphus Alerts or SIEM/Ticketing Integration
To configure organization settings:
- On the top menu, click Insights.
- Click the name of the organization.
-
In the navigation menu, click Settings.
- Configure the desired settings.
Section 6: Performing integrations
You can integrate Graphus with other Kaseya modules to enhance Graphus functionality. For example, Graphus can be integrated with IT Glue to import organization names and domains from IT Glue.
For more information, see the following articles:
- Autotask ticketing integration
- Simplified Organization Management with IT Glue
- BullPhish ID Integration with Graphus
- (RocketCyber) Configure Email Security - Graphus
Note: Graphus is automatically integrated with other Kaseya products including Compliance Manager and BMS. For more information, refer to the Kaseya automations website and select/search for Graphus.
Section 7: Adding users to Graphus
The User Management page is where you add and manage users. The page is available at the MSP level and the organization level. Users added at the MSP level have global access to all the MSP’s organizations in Graphus. Whereas users added to a specific organization have access to that organization only and do not have access to MSP level functionality. The same organization user cannot be added to multiple organizations.
User roles
A new user must be assigned one of these roles:
- Admin: Selected by default when adding a new user. The Admin role enables the user to perform all activities in the application at the level for which the user was added.
- Analyst: Users assigned the Analyst role can only investigate alerts at the level for which the user was added.
MSP level User Management
The MSP level User Management page is accessed from the MSP Administration menu. Here you manage your organization’s local and KaseyaOne user’s.
-
Local users: The Local Users tab lists the Graphus users for which you have created a Graphus account locally. Only local user accounts will receive Graphus specific login credentials.
To add a new local user, click Add Local User and complete the form.
-
KaseyaOne users: The KaseyaOne Users tab displays only users created via Automatic User Access. When Automatic User Access is enabled on the KaseyaOne page, KaseyaOne users are required to access Graphus with KaseyaOne Unified Login.
Note: For more information about KaseyaOne, see Section 8: Introduction to KaseyaOne.
Organization level user management
Organization level users are managed on the organization's User Management page.
To access the organization’s User Management page, on the navigation bar, click Insights and click the name of the organization. In the navigation menu, click User Management. The organization's users are listed in the table. The users have access to this organization only.
To add a new user for this organization only, click the Add User button. Complete the User Information form.
Section 8: Introduction to KaseyaOne
KaseyaOne is the customer portal and central hub for all products that belong to the Kaseya IT Complete portfolio. Unified Login is Kaseya’s SSO with different user management functionalities. When Enable Log in with KaseyaOne is enabled, users can directly access Graphus coming from the KaseyaOne Portal or using their KaseyaOne credentials on the Graphus Login page.
The KaseyaOne Unified Login also includes options to:
- turn off the local Graphus login,
- grant KaseyaOne users access to Graphus without the need of creating a local Graphus user, and
- restrict the access of KaseyaOne users when they are disabled or deleted within KaseyaOne.
For information about enabling KaseyaOne Unified Login, see the article Enabling KaseyaOne Unified login for Graphus.