# How to Use Sniff and Detect
#### **Overview** [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-03/U4ks7IDbEjY7Qwvb-image.png)
AQUILA – SNIFF & Detect is a custom integration app within the **AQUILA platform** that enables Microsoft 365 environments to deploy **advanced malicious email detection** capabilities.
The app is packaged as a **manifest.xml** file and can be added to an organization’s Microsoft 365 tenant via the **Integration Apps** section in the Microsoft 365 Admin Center.
---
#### **Key Capabilities & Value** [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-03/jBlpQPC2DfMETIrY-image.png)
- **Seamless Integration** – Install in Microsoft 365 with just a few clicks, no complex infrastructure required.
- **Permission-Driven Security** – Requires admin approval to grant permissions, ensuring a secure deployment process.
- **Centralized Control** – Managed via AQUILA and distributed through the AQUILA Store for consistent updates.
- **AI-Enhanced Detection** – Uses AQUILA’s AI and Cyber Threat Intelligence to scan and detect malicious emails in real time.
- **User-Friendly Accessibility** – Appears in the “More apps” section for assigned users, making it easy to launch.
- **Minimal Footprint** – Only ~6 KiB in size, ensuring fast installation without performance impact.
---
#### **Simple Step-by-Step Instructions **[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-03/L3FUfskDB2bTOhfG-image.png)
1. **Access the App**
- Open Outlook and check the apps panel to ensure Sniff & Detect is listed and accessible.
- Users can launch it from **More apps** in Microsoft 365.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/x0FuZ3iJt7A0EjRE-image.png)
- A phishing email impersonating Netflix. An arrow points to the **SNIFF & Detect** icon, indicating where to scan or flag the email as suspicious.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/fdE09hu7Rl60QyT9-image.png)
-
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/pRLtXFAqIgrMvZMx-image.png)
- SNIFF & Detect has scanned the email, highlighting possible errors such as
1. **Arrow 1** points to the **Language issues** section, showing spelling and grammar mistakes found in the phishing email.
2. **Arrow 2** points to the **What you should do** section, giving safety advice on how to handle the suspicious email.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/o6vEVWiMGeCI3Gsk-image.png)
- **Arrow 1** – Highlights the **AI Insight Results** tab in SNIFF & Detect, which contains the automated analysis results of the scanned email.
- **Arrow 2** – Points to the **Malicious** classification summary. This section briefly explains the reasons the email is flagged, such as suspicious sender details, urgent tone, spelling and grammar errors, and suspicious links.
- **Arrow 3** – Directs attention to the actual phishing email content pretending to be from Netflix, warning about a payment failure and urging the user to update their payment information.
- **Arrow 4** – Indicates the **Report as Phishing** button, which the user can click to formally report the suspicious email to security for further action.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/xCI6XwmmK0SHb2Jv-image.png)
- Click the "**Run a deep scan**" button, which allows for a more detailed examination of the email to detect hidden threats and malicious indicators.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/51ELQvK9m7iXcuUC-image.png)
- **SNIFF & Detect** doing a deep scan on a suspected phishing email pretending to be from Netflix. The scan may take a couple of minutes to finish.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/W3myFSHB02eaTvS2-image.png)
- The scan results are now finished and ready to check.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/mALzljyROiLcmqPz-image.png)
- This is the result of a deep scan conducted by the Sniff & Detect tool on a suspicious email impersonating Netflix.
1. **Arrow 1** highlights the domain **netflix-billing.com,** which is flagged as a spoofed domain used to impersonate Netflix and trick users into entering sensitive information.
2. **Arrow 2** lists phishing-related email addresses such as **richmond@cytcehint.com** and [**support@netflix-billing.com**](mailto:support@netflix-billing), which are likely used to send or support the fraudulent email.
3. **Arrow 3** shows the IP address **192.168.1.45**, flagged as part of the phishing infrastructure. Although it's a private IP, its presence suggests internal spoofing or malicious setup.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-08/4JxCoYEvR1qYSOzV-image.png)
*If you need further assistance, kindly contact our support at* ***support@cytechint.com*** *for prompt assistance and guidance.*