Integration Between BullPhish ID and INKY User Phishing Reports

We are requesting improved integration between BullPhish ID (phishing simulations) and INKY (email security) to better handle user-reported simulated phishing emails.

Current Issue:
When a user correctly identifies and reports a BullPhish simulation using the “Report Phish” button, the message is treated as a real phishing incident by INKY. This results in:

• Unnecessary ticket creation (Autotask PSA)

• SOC/technician time spent reviewing false incidents

• User confusion due to lack of feedback

• Increased noise in phishing reporting workflows

Requested Behavior:
When a user reports a BullPhish simulation:

1. The system should automatically recognize the message as a simulation (via headers, tagging, or integration).

2. The user should receive immediate feedback such as:

   • “Good catch — this was a simulated phishing test.”

3. The event should be logged in BullPhish as a successful user action.

4. The report should NOT:

   • Generate a phishing incident in INKY

   • Trigger SOC workflows or alerts

   • Create tickets in Autotask

Additional Suggestions:

• Introduce a header/tag (e.g., X-Phish-Simulation: BullPhish) for easy identification

• Allow MSPs to define handling rules for simulated phishing reports

• Provide reporting on user detection success without impacting security incident metrics

Business Impact:

• Reduces false positives and alert fatigue

• Improves technician efficiency

• Enhances user training experience with immediate reinforcement

• Aligns phishing simulation outcomes with real-world SOC workflows

This integration would significantly improve operational efficiency and the overall effectiveness of the Kaseya security stack.