EdgeWave ThreatCheck is an automated email incident response service that addresses phishing attacks that reach user inboxes. The service enables employees to report suspicious emails through a one-click button, typically via an Outlook plug-in. The service combines automated machine learning and human analysis to investigate reported emails in real-time. When users submit suspicious messages, the system automatically moves them to a custom folder for evaluation. Users receive closed-loop communication with investigation results. ThreatCheck provides centralized management capabilities for SOC and IT administrators to configure notifications, view summary charts, and set up customized reports for processed emails and assigned categories. When a message is confirmed as malicious, the system performs instant removal from all user inboxes and automatically applies rules to the global policy. The dynamic quarantine mechanism evaluates untrusted content within submitted messages, including URLs and attachments. The service aims to reduce attacker dwell times and prevent email-borne malware from establishing a foothold in the network. The solution includes an Outlook plug-in that provides the reporting interface for end users and handles instant email quarantine functionality.