LUCY

User Tools

Site Tools

Trace:
outlook_plugin_phishing_incidents

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
outlook_plugin_phishing_incidents [2019/11/12 16:10] – [Using third-party plugin to report emails to LUCY] lucyoutlook_plugin_phishing_incidents [2019/12/13 12:37] – Never report phishing simulations for HTTP delivery added lucy
Line 67: Line 67:
 ^ Setting Name ^ Description ^ Outlook (MSI) ^ Office365 (XML) ^ Gmail ^ ^ Setting Name ^ Description ^ Outlook (MSI) ^ Office365 (XML) ^ Gmail ^
 | Send Reports Over HTTP | Enable this option, if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (does not include emails from phishing simulations) and additionally add the statistical info about reported phishing emails to LUCY. |  +  |  +  |  +  | | Send Reports Over HTTP | Enable this option, if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (does not include emails from phishing simulations) and additionally add the statistical info about reported phishing emails to LUCY. |  +  |  +  |  +  |
 +| Never report phishing simulations| No reports will be sent over HTTP if user reports a simulation email generated by Lucy. So the plugin will send only "real phishing" emails over HTTP. |  +  |  +  |  -  |
 | Send Reports over SMTP | Enable this option, if you want to forward the mail to the predefined mail address via SMTP. If enabled, the plugin will send the report to the email you provided on the same page. That is supposed to be your own email or the email of your security team. Please do not use this method at the same time with HTTP to send reports to LUCY, if you do not want to have duplicated reports. Only pick one delivery method. |  +  |  +  |  +  | | Send Reports over SMTP | Enable this option, if you want to forward the mail to the predefined mail address via SMTP. If enabled, the plugin will send the report to the email you provided on the same page. That is supposed to be your own email or the email of your security team. Please do not use this method at the same time with HTTP to send reports to LUCY, if you do not want to have duplicated reports. Only pick one delivery method. |  +  |  +  |  +  |
 | Use SMTP for receiving incident reports on Lucy| if enabled, Lucy will suppose it has to intercept emails that plugin sends over SMTP, so it configures the local postfix accordingly. All emails received will be added to incidents. If you do not enable this, even if the email configured points to Lucy, nothing will happen - Lucy won't wait for reports over SMTP. This option requires that the first e-mail in the "Email" field should be the e-mail of Lucy postfix server |  +  |  +  |  +  | | Use SMTP for receiving incident reports on Lucy| if enabled, Lucy will suppose it has to intercept emails that plugin sends over SMTP, so it configures the local postfix accordingly. All emails received will be added to incidents. If you do not enable this, even if the email configured points to Lucy, nothing will happen - Lucy won't wait for reports over SMTP. This option requires that the first e-mail in the "Email" field should be the e-mail of Lucy postfix server |  +  |  +  |  +  |
Line 314: Line 315:
 If you enable "send reports via SMTP" you cannot send emails to the same domain (e.g. "example.com") anymore: this setting will cause Lucy to intercept all your emails to "example.com" domain. If you remove the checkbox, then Lucy won't try to intercept emails for that domain and the feature will work as expected. Using "Send Reports Over SMTP" along with "Use SMTP for receiving incident reports on Lucy" is the other way to deliver phishing reports to Lucy. You can specify, for example, some custom email like lucy-phishing-reports@separatedomain.com as a primary email in Incidents settings, check both those checkboxes and point separatedomain.com MX records to Lucy. So all emails being sent to lucy-phishing-reports@separatedomain.com will be intercepted by Lucy, as well as emails sent from Outlook plugin - they will be added to "Incidents" page.  If you just want to receive a copy of incident report to your own email (yourname@example.com), that is not tied to Lucy, then you should keep "Use SMTP for receiving incident reports on Lucy" checkbox clear - in that case Lucy won't attempt to intercept anything and the plugin will just forward all reports to yourname@example.com. If you enable "send reports via SMTP" you cannot send emails to the same domain (e.g. "example.com") anymore: this setting will cause Lucy to intercept all your emails to "example.com" domain. If you remove the checkbox, then Lucy won't try to intercept emails for that domain and the feature will work as expected. Using "Send Reports Over SMTP" along with "Use SMTP for receiving incident reports on Lucy" is the other way to deliver phishing reports to Lucy. You can specify, for example, some custom email like lucy-phishing-reports@separatedomain.com as a primary email in Incidents settings, check both those checkboxes and point separatedomain.com MX records to Lucy. So all emails being sent to lucy-phishing-reports@separatedomain.com will be intercepted by Lucy, as well as emails sent from Outlook plugin - they will be added to "Incidents" page.  If you just want to receive a copy of incident report to your own email (yourname@example.com), that is not tied to Lucy, then you should keep "Use SMTP for receiving incident reports on Lucy" checkbox clear - in that case Lucy won't attempt to intercept anything and the plugin will just forward all reports to yourname@example.com.
  
-===== Using Your Own Plugin to Report Emails to LUCY =====+===== Using your own plugin to report emails to LUCY =====
  
 There is a possibility to use your own plugin to report emails to LUCY. There is a possibility to use your own plugin to report emails to LUCY.
 To do this you need: To do this you need:
-1. Configure your domain that is used for LUCY so that its MX records might point to LUCY +  - Configure your domain that is used for LUCY so that its MX records might point to LUCY 
-2. Configure an email address for receiving incident reports in Settings - Incidents Settings - Plugin Settings, this email address should use the domain configured on step 1. +  Configure an email address for receiving incident reports in Settings - Incidents Settings - Plugin Settings, this email address should use the domain configured on step 1. 
-3. Turn on check-boxes "Send Reports Over SMTP" and "Use SMTP for receiving incident reports on LUCY"+  Turn on check-boxes "Send Reports Over SMTP" and "Use SMTP for receiving incident reports on LUCY"
  
 After these steps are done you can forward any email as an attachment to the configured email address and LUCY will treat these emails as incident reports and display them on the "Incidents" page. After these steps are done you can forward any email as an attachment to the configured email address and LUCY will treat these emails as incident reports and display them on the "Incidents" page.
  
outlook_plugin_phishing_incidents.txt · Last modified: 2021/09/24 13:18 by lucysecurity