LUCY MANUAL Applies to LUCY versions above 4.7

Screener Web UI Overview

Login Screen

Just a beautiful Login Screen. Nothing interesting, keep looking, stranger. If you need to reset the password, use the first-time configuration script.

Dashboard

A brief overview of the events related to incident reports.
It shows the top 10 reported domains, the top 10 reporters, and so on.

Incidents

Incidents can be:

  • Sorted at the user's convenience
  • Reported as abuse
  • Exported to CSV
  • Deleted
  • Given a different status
  • Given a different resolution

Simulations

This page helps you review phishing simulations performed by LUCY.

Settings

General Settings

Shows the product version and the Workstation ID. Here you can change the Timezone, set the Dangerous Threshold Value, and choose not to record phishing simulations.

Users

Nothing special, just a user management page.
It is possible to add, change, or remove a user.
The same words but more here.

Yara Dictionaries

More here.

Yara Rules

More here.

Custom Rules

A page for configuring Custom Rules for the score assigned to an incident.

Analyzer Score

TBD

Mail Templates

In this section, a user can add, edit, and store mail templates for incident notifications, abuse emails, and the Autoresponder. There are already several predefined templates that Screener uses by default.

A new template can be created by clicking the +Add button. Fill in the Name and the Subject of the email, then choose the Template Type from the corresponding drop-down. The email body can either be configured in the built-in editor or uploaded in HTML format (the Upload HTML button). The mail template types are Auto Responder (the response that a user receives after submitting a report), Incident Expiration (a notification reminder), and Abuse (an email sent to the hosting providers of phishing domains). All three types support their own variables for personalizing emails.

Abuse variables:

  1. %domain%
  2. %email%
  3. %time%

Incident Expiration variables:

  1. %expCount% (number of expired reports)

Auto Responder variables:

  1. %subject%
  2. %sender%
  3. %score%
  4. %domainScore%
  5. %headerAuthenticationScore%
  6. %regexScore%
  7. %spamAssassinScore%
  8. %yaraScore%
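
The following is an added example, not part of the LUCY manual or Screener's own code: a check to run on an HTML template before uploading it, which reports variables that are not listed above for the chosen template type, plus a local preview that HTML-escapes sample values. The function names, the sample template and the sample values are constructed, and how Screener itself substitutes variables is not described on this page.

```python
import html
import re

# Variables per template type, copied from the lists on this page.
ALLOWED = {
    "Abuse": {"domain", "email", "time"},
    "Incident Expiration": {"expCount"},
    "Auto Responder": {"subject", "sender", "score", "domainScore",
                       "headerAuthenticationScore", "regexScore",
                       "spamAssassinScore", "yaraScore"},
}
# A token is %name%; a lone percent sign such as "100% done" is not a token.
TOKEN = re.compile(r"%([A-Za-z][A-Za-z0-9]*)%")


def lint_template(body, template_type):
    """Return the sorted variable names in body that the type does not list."""
    allowed = ALLOWED[template_type]
    return sorted({name for name in TOKEN.findall(body) if name not in allowed})


def preview(body, template_type, values):
    """Render a local preview; unknown or unset tokens are left visible."""
    allowed = ALLOWED[template_type]

    def fill(match):
        name = match.group(1)
        if name in allowed and name in values:
            # Assumption: values such as the subject carry text from the
            # reported email, so they are escaped before landing in HTML.
            return html.escape(str(values[name]))
        return match.group(0)

    return TOKEN.sub(fill, body)


# Constructed sample template and values (not shipped with Screener).
SAMPLE = ("<p>Report for <b>%subject%</b> from %sender%: score %score%, "
          "host %domain%. 100% done.</p>")
SAMPLE_VALUES = {"subject": "<img src=x> Invoice",
                 "sender": "a@example.test", "score": 7}

if __name__ == "__main__":
    print(lint_template(SAMPLE, "Auto Responder"))
    print(preview(SAMPLE, "Auto Responder", SAMPLE_VALUES))
```
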

Mail Settings

TBD

Abuse Settings

TBD

Autoresponder Settings

TBD

Simulation Reporter Settings

TBD

Incident Expiration Reporter Settings

TBD

SSL

Menu to configure SSL.

Logs

This page allows downloading Screener logs. The drop-down list has 2 options:

  • Screener app logs
  • Nginx (Web Server) logs

It is possible to download both.

Plugins

This add-in gives your users a safe way to forward suspicious emails with only one click and have them analyzed automatically in Screener. The tool empowers users to proactively participate in an organization’s security program and makes it easy for your employees to report any suspicious email they receive.

O365

The Outlook 365 button works the same as the Outlook client button, but for web-based access to Outlook 365. It requires a network connection between LUCY and the O365 server if a web browser is used as the client, and a network connection between Screener and the user's workstation if a desktop client is used. The XML is the file that needs to be installed for O365.

More here.

MSI

Menu to configure the MSI plugin.
Detailed overview here.

screener_overview.txt · Last modified: 2021/04/28 01:32 by lucy