Onboarding Group
Underneath the chat ops settings, you can enable an onboarding group. This will allow you to select what users you want to receive chat ops messages. We will only interact with these users while you are in the onboarding phase. You can search for users in bulk and select the add or remove buttons at the bottom of the dialog to add all matches, or select the 3-dot menu on each user to add or remove them.SMS Chat Ops
All Wirespeed SMS communications will come from
+1 (855) 627-0635How SMS Enrollment Works
After you enable SMS chat ops, Wirespeed automatically sends enrollment emails to eligible users:- Invite emails are sent to users inviting them to enroll in SMS notifications
- Up to 3 attempts are made per user, with invites sent weekly
- Users who don’t respond after 3 attempts are marked as “Max Attempts” and will not receive further invites
Show Invite Email Preview
Show Invite Email Preview
Who Receives Invites
- Only users with authentication activity in the last 30 days are invited
- If you have an onboarding group enabled, only users in that group are invited
- New eligible users are identified and automatically invited once a week
SMS Enrollment Status
You can view each user’s SMS enrollment status on their detail page under Assets > Users. The status shows:| Status | Meaning |
|---|---|
| Enrolled | User has consented to receive SMS messages |
| Pending (X/3) | Invite sent, awaiting response (shows attempt count) |
| Max Attempts | 3 invites sent without response |
| Opted Out | User declined SMS enrollment |
| Not Invited | No invite has been sent yet |
Resetting SMS Invites
If a user reaches “Max Attempts” but later wants to enroll, you can reset their invite status:- Navigate to Assets > Users and select the user
- Click the Actions dropdown menu
- Select Reset SMS Invite
On First Use Messages
Enabled by default, the “On First Use” messages give a short explanation about what Wirespeed is, like this:Wirespeed is an application that keeps your company safe from hackers by occasionally asking you questions about you and your coworker’s activities. You can learn more about us here https://wirespeed.co and ask your security team for more information.You may disable this message by selecting the Trash icon next to the text field.
Account Locked Messages
When a user’s account is locked in response to an actionable detection, they will receive a message like this:Suspicious activity has been detected for your account which has caused us to reset your password and log you out of all active sessions. To regain access, please follow your company’s password reset instructions.This message is required but may be customized underneath Settings > Chat Ops. It is recommended to add a link to your password reset instructions.
Initial Rate Limiting
It’s best to rollout new functionality in stages, to minimize any issues or confusion. Wirespeed allows you to set a limit on the number of chat ops messages per day, so you can introduce it in small chunks to your organization. Escalations to your security team are not subject to these rate limits.Preemptive Rollout Messaging
It’s also a good idea to send an organization-wide message about rolling out Wirespeed, using the normal communication channels they would expect to see important updates, such as an organization-wide chat channel or official email address responsible for security or tech changes. Here’s an example template you could start from:Hi Team, This is a quick note to let you know that we have started using a cybersecurity monitoring app called Wirespeed which will occasionally message you asking you questions about your online activity, such as logging in from unusual locations. To the best of your ability, please answer any questions from the app so we can all make sure to keep our organization safe from hackers and ransomware. Wirespeed’s goal is to be painless and only ask you when it matters. Please also note that Wirespeed will never ask you for sensitive information, like your password, bank account, or government ID numbers! A screenshot of an example Wirespeed message is below. Thanks and please let us know if you have any questions! - Security Team
Examples
Below are examples of what the user will receive in Slack, Microsoft Teams, Email, and SMS.Initial Message
We will initially message the user through all available communication channels. Email, Slack, Teams, and SMS will redirect them to our website and go through the chat ops steps. Microsoft Teams will stay in app and display the chat ops steps in an iframe.- Email
- SMS
- Slack
- Microsoft Teams
Chat Ops Steps
- 1. Security Alert
- 2. SMS Consent
- 3. SMS Text
- 4. SMS MFA
- 5. Complete
The user (or their manager) will receive a message with a brief summary of the security alert. If they select no, their account and endpoint will be locked, and they will be told to contact their IT department to unlock it. If they select yes, they will continue to step 2.
Service Provider ChatOps
Wirespeed allows you as a Service Provider to configure default Welcome, Subject Line, Message Signature, and Account Locked messaging for all of your client teams. Within your parent client, navigate to ChatOps and input the default values that you want. When you spin a client team, they will inherit these fields. They can override these fields at any time and can also reset to your original default should they wish to. Should you update the field in your parent team, all client teams that have not overriden your messaging will inherit your latest messaging.FAQ
Can I manually add a phone number to a user for SMS enrollment?
Can I manually add a phone number to a user for SMS enrollment?
No. Due to FCC regulations, each user must provide their own phone number and give explicit consent to receive SMS messages. Administrators cannot manually add phone numbers on behalf of users. The user must complete the SMS enrollment process themselves by clicking the link in their enrollment email and entering their phone number.
Why hasn't a user received their SMS enrollment invite?
Why hasn't a user received their SMS enrollment invite?
Users must have authentication activity in the last 30 days to receive an SMS enrollment invite. If you have an onboarding group enabled, the user must also be in that group. New eligible users are automatically identified and invited once a week. Check the user’s SMS enrollment status under Assets > Users to see their current status.
How many SMS enrollment invite attempts does Wirespeed make?
How many SMS enrollment invite attempts does Wirespeed make?
Wirespeed sends up to 3 enrollment invites per user, with invites sent weekly. After 3 attempts without a response, the user is marked as “Max Attempts” and will not receive further automatic invites. You can manually reset their invite status from the user’s detail page.
What phone number do SMS messages come from?
What phone number do SMS messages come from?
All Wirespeed SMS communications are sent from
+1 (855) 627-0635. You may want to share this with your team when rolling out SMS chat ops so they recognize the number.Can a user opt out of SMS after enrolling?
Can a user opt out of SMS after enrolling?
Yes. Users can opt out of SMS at any time. Their status will change to “Opted Out” and they will no longer receive SMS messages. If the user later wants to re-enroll, they can contact their IT administrator to reset their SMS invite.
What happens if a user doesn't have access to their phone during an investigation?
What happens if a user doesn't have access to their phone during an investigation?
During a chat ops investigation, if a user indicates they don’t have access to their phone for MFA verification, Wirespeed will automatically escalate to their manager for verification instead.