User Tools

Site Tools


LUCY MANUAL Applies to LUCY versions above 4.7


Screener Web UI Overview

Login Screen

Just a beautiful Login Screen. Nothing interesting, keep looking, stranger. If it is required to reset password, please use the first time configuration script.


A brief overview of the events related to incident reports.
It is possible to know the top 10 reported domains, top 10 reporters, and so on.


The incidents can be:

  • Sorted by user's convenience
  • Reported as an abuse
  • Exported to CSV
  • Deleted
  • Status can be changed
  • Resolution can be changed


The page that helps to review phishing simulations performed by LUCY.


General Settings

Shows the version of the product, Workstation ID. It is possible to change the Timezone, set the Dangerous Threshold Value, and allows not to record phishing simulations.


Nothing special, just a user management page.
It is possible to add, change, or remove a user.
The same words but more here.

Yara Dictionaries

More here.

Yara Rules

More here.

Custom Rules

A webpage that allows configuring Custom Rules for score assigned to an incident.

Analyzer Score


Mail Templates

Within this section, user can add, edit and store mail templates for incident notifications, abuse emails and Autoresponder. There are already several pre-defined templates that Screener uses by default.

A new template can be created by clicking the +Add button. Fill in the Name and the Subject of the email then choose Template Type from the according drop-down. The email body can be either configured inside the built-in editor or uploaded in HTML format (the Upload HTML button). Mail template types are Auto Responder (the response that user receives after submitting report), Incident Expiration (notification reminder) and Abuse (email sent to hosting providers of phishing domains). All three types support unique variables that allow personalizing emails.

Abuse variables:

  1. %domain%
  2. %email%
  3. %time%

Incident Expiration variables:

  1. %expCount% (number of expired reports)

Auto Responder variables:

  1. %subject%
  2. %sender%
  3. %score%
  4. %domainScore%
  5. %headerAuthenticationScore%
  6. %regexScore%
  7. %spamAssassinScore%
  8. %yaraScore%

Mail Settings


Abuse Settings


Autoresponder Settings


Simulation Reporter Settings


Incident Expiration Reporter Settings



Menu to configure the SSL.


This web page allows downloading Screener logs. In the drop-down list there are 2 options:

  • Screener app logs
  • Nginx (Web Server) logs.

It is possible to download both.


This add-in gives your users a safe way to forward suspected Emails with only one click and have them analyzed automatically in Screener. The tool empowers users to proactively participate in an organization’s security program and makes it easy for your employees to report any suspicious email they receive.


The Outlook 365 button works the same as the Outlook client – just for the web-based Outlook access 365. For its work, it is necessary to have a network connection between LUCY and O365 server in case if you use a web browser as a client, and a network connection between Screener and user's workstation in case if a desktop client is used. The XML is the file that needs to be installed for O365.

More here.


Menu to configure the MSI plugin.
Detailed overview here.

screener_overview.txt · Last modified: 2021/04/28 01:32 by lucy