Your other option is not to use a third party tool and save yourself money by using Googles default tools which are excellent, it is dealing with billions of email so has a lot of data to help identify trends.  You should make use of the Safety features in the the Google Admin Section under Gmail. Here you can set what you want to protect and what action you want to take for emails identified as spam. You can flag and deliver to mailbox, deliver to spam or put in a quarantine queue.

Depending on the Workspace version you have there are also advanced security and investigation tools which is very useful in picking up spam of phishing then searching across your domain to see what actions users took for example clicking on suspicious links and removing the email from everyone's mailbox. 

How do I integrate the report phising feature with the company SIEM/SOAR security systems?