Lucy Awareness
Visit our WebsiteContact Support
  • Wiki Overview
  • Guides
    • Quick Guides
      • Create Your First Campaign
        • Adding a New Client
        • Register an Attack Domain
        • Campaign Setup
          • Selecting an Attack
          • Attack Settings
          • Awareness Settings
          • Recipients
          • Review
        • Whitelisting
    • Installing Lucy
      • On-Premise vs Cloud Installation
      • Architecture
      • Hardware Requirements
      • Network Communication
      • Installing Lucy
      • Post Installation
    • Manage Blacklisted Domains
      • Managing Google SafeBrowsing Alerts
    • Whitelisting a Lucy Server
      • Google Workspace Whitelisting
      • Microsoft O365 Whitelisting
      • File Attack Whitelisting
    • Attack Simulations
      • Attack Types
        • Data Entry Attack
        • Hyperlink Attack
        • File Attack
        • Portable Media
        • Smishing
        • Lures
        • QR Codes
        • Ransomware Emulation
        • Technical Malware Test
          • Malware Toolkit Test Suite
        • Mail & Web Filter Test
        • Email Spoofing Test
      • Attack Template Customization
      • Firewall Protection Interval
      • Email Tracking Technologies
      • Advanced Information Gathering
      • Regular Expressions in Login Fields
      • Copy a Website
      • Redirecting Users
    • Awareness Training
      • Awareness Template Customization
      • Awareness Only Campaigns
        • Using Multiple Awareness Trainings
      • Use extended method of tracking the end of the quiz
    • Reporting Plugin
      • Deploying Office 365
      • Deploying Outlook Native
      • Deploying Gmail
  • Application Screens Reference
    • Statistics Dashboard
    • Campaigns Dashboards
    • Campaigns
      • New Campaign
        • Wizard Mode
          • Selecting an Attack
          • Attack Settings
          • Awareness Settings
          • Recipients
          • Review
        • Expert Mode
      • Campaign Settings
        • Configuration
          • Base Settings
          • Awareness Settings
          • Attack Settings
          • Schedule
            • Schedule Plan
          • Recipients
        • Advanced Settings
          • User Settings
          • Filters
          • Custom Fields
          • Reminders
        • Campaign Checks
        • Logs
        • Results
          • Summary
          • Statistics
          • Reports
          • Exports
    • Templates
      • Attack Templates
      • Awareness Templates
      • File Templates
      • Report Templates
      • Campaign Templates
      • Training Diploma
      • Download templates
      • Variables in Lucy
    • Users
      • Recipient Groups
      • End Users
      • End User Portal Settings
      • Administrative Users
      • Reputation Levels
    • Settings
      • Common System Settings
        • Domains
          • Supported TLDs
        • Firewall
        • Web Proxy
        • Mail Settings
        • SMTP Servers
        • SSL Settings
          • SSL for Campaigns
        • SMS Settings
        • Filter Settings
        • API Whitelist
          • API Routes
        • LDAP Servers
          • LDAP Sync Tool
        • LDAP Settings
        • Azure Applications
        • Azure AD Settings
        • SSO Configuration
      • Advanced System Settings
        • Advanced Settings
        • SSH Password
      • Submitted Email Settings
        • Custom Rules & Score Factors
        • Abuse Reports
        • Incident Autoresponder
        • Plugin Settings
      • Clients
        • Client Invoices
        • Client Invoice Settings
      • Backup and Restore
        • Backup Settings
      • Benchmark Sectors
      • Whitelabeling
      • File Browser
    • Incidents
    • Support
      • Status
        • Status
        • System Monitoring
        • System Health Check
        • Notifications
      • System Tests
        • Test Email
        • Performance Test
        • Spam Test
        • Mail Spoofing Test
        • Mail and Web Filter Test
      • System Logs
      • Manual
      • Update
      • Reboot
      • Mail Manager
      • Terms & Conditions
    • Account Settings
      • Two Factor Authentication
      • License
      • Invoices
    • Notifications
  • Release Notes
    • 5.4
    • 5.3.5
    • 5.3.4
    • 5.3.3
    • 5.3.2
    • 5.3.1
    • 5.3
    • 5.2.1
    • 5.2
    • 5.1
    • 5.0
    • Version 4
      • 4.14
      • 4.13
      • 4.12.1
      • 4.11
      • 4.10.1
      • 4.9.5
      • 4.9.2
      • 4.9.1
  • Legal
    • EULA
    • Privacy Policy
    • DPA, Customer and Partner Info
    • Service Level Agreement
    • Confidentiality of Campaign Data
  • When to Contact Us
    • Contact Technical Support
Powered by GitBook
On this page
  • Phishing Incidents Dashboard
  • Dashboard Filters
  • Dashboard Actions
  • Detecting Simulations
  • Using Custom Plugins

Was this helpful?

  1. Application Screens Reference

Incidents

PreviousFile BrowserNextSupport

Last updated 2 months ago

Was this helpful?

Phishing Incidents Dashboard

The incidents dashboard centralizes the reporting and tracking of reported phishing incidents. It collects data on reported incidents, allowing security teams to analyze patterns, assess threat severity, and respond effectively.

Dashboard Filters

The dashboard provides a streamlined interface for quickly identifying potential threats and taking appropriate actions. Use filters to group your incidents by date, client, campaign, and severity.

Dashboard Actions

You can download or delete incidents straight from the dashboard, as well as forward them to your own reporting contacts.

Centralized Analysis

The Centralized Analysis feature enables both manual and automatic analysis of reported emails. This allows the security team to efficiently assess and categorize threats, enhancing the overall email security posture.

The summary page displays a weighted average of the Mail Server, Domain, and Body Analysis scores, as well as general information about the reported email. You can also view or download the reported message as either a .eml or .msg file from this page.

The overall risk score is calculated using data from the following sources:

  • DNS BL queries to bl.spamcop.netand zen.spamhaus.org

Reported emails from a LUCY campaign are automatically categorized as simulations, all others can be assigned a status to help keep your incidents organized.

When an incident is reported, the Mail Server Analysis feature examines the mail servers involved in the email's transmission to see if any of them appear on a blacklist.

When an incident is reported, all domains and IP addresses from the email header and body are extracted. LUCY then checks each IP and domain against public databases, such as Google's Safe Browsing and PhishTank, to identify any reported threats.


Detecting Simulations

LUCY differentiates between real and simulation emails. Reports on simulation emails are included in campaign statistics, but depending on your plugin settings they do not have to be included in the incidents dashboard.

LUCY identifies simulation emails via headers that it includes with every simulation email it sends. For example:

X-LucyVictimURL ...
X-LucyAltVictimURL ...
X-LucyScenarioID 123

Using Custom Plugins

The incident dashboard can be integrated into your organization's toolkit very easily. To use your own reporting plugin and still receive reports to the incident dashboard, follow these steps:

  1. Configure your reporting domain’s MX records to point to LUCY.

  2. Enable "Send Reports Over SMTP" and "Use SMTP for receiving incident reports on LUCY."

LUCY will listen on the reporter email's inbox and create incidents out of each email sent to that address.

Using "Send reports over SMTP" and "Use SMTP for receiving incident reports" will cause LUCY to intercept all its own emails to the reporter domain. In other words, recipients on the same domain as the reporter email will no longer receive any emails from LUCY.

Google Safebrowsing ()

Phishtank ()

CI Army ()

Cybercrime tracker ()

You can use online tools like or to check if any of your mail servers have been blacklisted.

When an incident is reported, LUCY checks the body of the message against your and assigns a score accordingly. On this page you can view all the score factors and rules that contributed to the overall score.

Set an email address for receiving incident reports in the .

https://safebrowsing.googleapis.com/v4/threatMatches:find
http://data.phishtank.com/data/online-valid.csv
http://cinsscore.com/
http://cybercrime-tracker.net/
https://mxtoolbox.com/blacklists.aspx
https://www.virustotal.com/gui/home/url
incident score factors
plugin settings