User Tools

Site Tools


outlook_plugin_phishing_incidents

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
outlook_plugin_phishing_incidents [2019/11/12 16:11]
lucy [Using Your Own Plugin to Report Emails to LUCY]
outlook_plugin_phishing_incidents [2020/06/19 16:23] (current)
lucy [Configuration]
Line 8: Line 8:
   * Outlook 2013   * Outlook 2013
   * Outlook 2016   * Outlook 2016
 +  * Outlook 2019
   * Office365   * Office365
   * Office for Mac 2016   * Office for Mac 2016
 +  * Office for Mac 2019
   * Gmail   * Gmail
  
Line 25: Line 27:
 ===== Configuration ===== ===== Configuration =====
  
-The configuration of the plugin and phishing incidents is done within the settings menu (admin/settings/incident-settings) where you can define the settings for:+The configuration of the plugin and phishing incidents is done within the settings menu (**Admin/Settings/Incident Settings**) where you can define the settings for:
  
   * Custom Rules (create special rules with Regex filters to flag emails)   * Custom Rules (create special rules with Regex filters to flag emails)
Line 39: Line 41:
 **Plugin settings**: The following settings can be configured (this is a small selection; every LUCY release has its own settings. Please contact us for a full configuration tutorial): **Plugin settings**: The following settings can be configured (this is a small selection; every LUCY release has its own settings. Please contact us for a full configuration tutorial):
  
-{{ :plugin_settings_1.png?600 |}} +{{ :plugin-settings1.png?600 |}} 
-{{ :plugin_settings_2.png?600 |}} +{{ :plugin-settings2.png?600 |}} 
 +{{ :​plugin-settings3.png?​600 |}}
 ==== Appearance Settings ==== ==== Appearance Settings ====
  
Line 67: Line 69:
 ^ Setting Name ^ Description ^ Outlook (MSI) ^ Office365 (XML) ^ Gmail ^ ^ Setting Name ^ Description ^ Outlook (MSI) ^ Office365 (XML) ^ Gmail ^
 | Send Reports Over HTTP | Enable this option, if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (does not include emails from phishing simulations) and additionally add the statistical info about reported phishing emails to LUCY. |  +  |  +  |  +  | | Send Reports Over HTTP | Enable this option, if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (does not include emails from phishing simulations) and additionally add the statistical info about reported phishing emails to LUCY. |  +  |  +  |  +  |
 +| Never report phishing simulations| No reports will be sent over HTTP if user reports a simulation email generated by Lucy. So the plugin will send only "real phishing"​ emails over HTTP. |  +  |  +  |  -  |
 | Send Reports over SMTP | Enable this option, if you want to forward the mail to the predefined mail address via SMTP. If enabled, the plugin will send the report to the email you provided on the same page. That is supposed to be your own email or the email of your security team. Please do not use this method at the same time with HTTP to send reports to LUCY, if you do not want to have duplicated reports. Only pick one delivery method. |  +  |  +  |  +  | | Send Reports over SMTP | Enable this option, if you want to forward the mail to the predefined mail address via SMTP. If enabled, the plugin will send the report to the email you provided on the same page. That is supposed to be your own email or the email of your security team. Please do not use this method at the same time with HTTP to send reports to LUCY, if you do not want to have duplicated reports. Only pick one delivery method. |  +  |  +  |  +  |
 | Use SMTP for receiving incident reports on Lucy| if enabled, Lucy will suppose it has to intercept emails that plugin sends over SMTP, so it configures the local postfix accordingly. All emails received will be added to incidents. If you do not enable this, even if the email configured points to Lucy, nothing will happen - Lucy won't wait for reports over SMTP. This option requires that the first e-mail in the "​Email"​ field should be the e-mail of Lucy postfix server |  +  |  +  |  +  | | Use SMTP for receiving incident reports on Lucy| if enabled, Lucy will suppose it has to intercept emails that plugin sends over SMTP, so it configures the local postfix accordingly. All emails received will be added to incidents. If you do not enable this, even if the email configured points to Lucy, nothing will happen - Lucy won't wait for reports over SMTP. This option requires that the first e-mail in the "​Email"​ field should be the e-mail of Lucy postfix server |  +  |  +  |  +  |
Line 74: Line 77:
 | Inline Message Forwarding | If true, the plugin will clear the body of the forwarded email when sending the report via SMTP. |  +  |  +  |  -  | | Inline Message Forwarding | If true, the plugin will clear the body of the forwarded email when sending the report via SMTP. |  +  |  +  |  -  |
 | Deeper Analysis Request | If true, the plugin will ask the user whether to request deeper analysis of the reported phishing mail. |  +  |  +  |  -  | | Deeper Analysis Request | If true, the plugin will ask the user whether to request deeper analysis of the reported phishing mail. |  +  |  +  |  -  |
 +| Enable Comment to Deeper Analysis Request | If Deeper Analysis Request is true, the plugin will offer to the user an additional text box where the user can type any comment to the deeper analysis request. Additionally the user can configure a custom text that will appear instead of "​Yes"​ or "​NO"​ labels on the buttons |  +  |  -  |  -  |
 | Send reported mail attachment in EML format | Reported email message will be sent as an *.eml attachment. |  +  |  +  |  +  | | Send reported mail attachment in EML format | Reported email message will be sent as an *.eml attachment. |  +  |  +  |  +  |
 | Disable Autoresponder for reports | If true, LUCY will not send an automatic email to a user as a reaction to report. |  +  |  +  |  +  | | Disable Autoresponder for reports | If true, LUCY will not send an automatic email to a user as a reaction to report. |  +  |  +  |  +  |
 +| Enable moving reported emails | If true, the plugin will move reported emails to the folder specified in "Move reported emails to" textbox instead of deleting the reported emails |  +  |  -  |  -  |
 | Notify of Expired Incidents | Check this to receive notification if there are reports older than 30 days. This notification will be delivered via email. |  +  |  +  |  +  | | Notify of Expired Incidents | Check this to receive notification if there are reports older than 30 days. This notification will be delivered via email. |  +  |  +  |  +  |
  
Line 145: Line 150:
  
 ===== Deployment on Apple Computer ===== ===== Deployment on Apple Computer =====
-Microsoft has "​Office for Mac 2016" product, which requires the O365 account to run. When you open Outlook application on Mac, it fetches all plugins from the corresponding O365 account and shows them in the interface, so the plugin is available both in the web interface and on Mac. Therefore, you first need to install the plugin in O365 before you set it up on a MAC.+Microsoft has "​Office for Mac" product, which requires the O365 account to run. When you open Outlook application on Mac, it fetches all plugins from the corresponding O365 account and shows them in the interface, so the plugin is available both in the web interface and on Mac. Therefore, you first need to install the plugin in O365 before you set it up on a MAC.
  
 Outlook 365 sequence: Outlook 365 sequence:
Line 250: Line 255:
   * DNS BL queries to bl.spamcop.net and zen.spamhaus.org   * DNS BL queries to bl.spamcop.net and zen.spamhaus.org
   * CI Army (list) (http://​cinsscore.com/​) - Network security Block Lists.   * CI Army (list) (http://​cinsscore.com/​) - Network security Block Lists.
-  * Palevo Blocklists (https://​palevotracker.abuse.ch/​blocklists.php) - Botnet C&C blocklists. 
   * Cybercrime tracker (http://​cybercrime-tracker.net/​) -   * Cybercrime tracker (http://​cybercrime-tracker.net/​) -
  
outlook_plugin_phishing_incidents.1573571488.txt.gz · Last modified: 2019/11/12 16:11 by lucy