threat_analyzer_-_mail_plugin
Differences
This shows you the differences between two versions of the page.
threat_analyzer_-_mail_plugin [2018/05/24 08:17] – created lucy | threat_analyzer_-_mail_plugin [2018/05/24 08:52] – [Incident Dashboard - Filters & Views] lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Phishing | + | ====== Phishing |
- | * **Dashboard Filter: | + | LUCY comes with a “Phish Alert” plugin for mail clients. This add-in gives your users a safe way to forward suspected Emails with only one click and have them analzed automatically by the threat analyzer in LUCY. The tool empowers users to proactively participate in an organization’s security program and makes it easy for your employees to report any suspicious email they receive. If you enabled "Send Reports Over HTTP", mail will get forwarded to LUCY. You will find them on the " |
- | {{ dl_ot2.png?600 }} | + | {{ threat0.png?600 }} |
- | * **Centralized Analysis:** This feature allows you to analyse the incoming mails manually or automatically (see next chapter) | ||
- | * **Centralized Campaign Reporting: | ||
- | * **Threat Mitigation**: | ||
- | * **Custom Regex & Score**: LUCY allows you to define custom rules to scan mails for specific keywords and flag them with a individual threat score. | ||
+ | ===== Incident Dashboard - Filters & Views ===== | ||
+ | **Filter by status:** At the top level, LUCY allows you to filter the reported mails by the status of the ticket: | ||
- | ===== Detection of real phishing mails vs. Phishing simulations ===== | + | {{ dl_ot2.png?600 }} |
- | The plugin automatically handles emails created in a phishing | + | The default status is " |
+ | * Open | ||
+ | * In Progress | ||
+ | * Dismissed | ||
+ | * Simulation | ||
+ | * Real Phishing | ||
+ | * Closed | ||
- | ===== Where are incidents (LUCY generated emails) from the plugin | + | The status can be set by the LUCY administrator after clicking on the detail of a reported |
- | If a user spots the phishing simulation and reports the email, you can see this information in various places: | + | {{ threat2.png? |
- | * Incident widget on the dashboard: | + | Lucy offers more filter and view options: |
- | {{ incident-dashboard.png?600 }} | + | |
+ | - Client: Every campaign is associated with a client. This feature is helpful for MSSP's or companies with multiple legal entities to quickly identify submitted reports from different sources. | ||
+ | - Date: You can use a date or date range to narrow down your search criteria | ||
+ | - Domain: This field relates to the sender domain used in the reported email (not the user who reports the Email) | ||
+ | - Minimum Score: The automatic risk score calculated in the system | ||
+ | - Campaign: If the Email is associated with a specific campaign from LUCY | ||
+ | - Select all View | ||
+ | - All fields are sortable | ||
+ | - Threat Details can be viewed by clicking on the date | ||
- | * Incident | + | {{ threat1.png? |
+ | ===== Automatic | ||
- | {{ incident-dashboardssa.png? | + | There are a few automatic analysis routines build into LUCY (e.g. check an IP in Google' |
- | + | ||
- | * Under the campaign statistics (recipients) under the " | + | |
- | + | ||
- | {{ incidents322.png? | + | |
- | + | ||
- | * If you want a comparison of all reported emails, you can export the whole campaign data via CSV. Within the CSV there is a reported column: | + | |
- | + | ||
- | {{ incidentsja21.png? | + | |
- | + | ||
- | In LUCY 4.4, the incidents reports will also be integrated on the dashboard under the general statistics. | + | |
- | + | ||
- | + | ||
- | ===== Centralized analysis ===== | + | |
- | + | ||
- | Once the mail has been reported by the user it will popup as an incident in LUCY in case you have enabled the HTTP option in LUCY. There are a few automatic analysis routines build into LUCY (e.g. check an IP in Google' | + | |
LUCY will automatically flag mail simulations. All other mails can then be manually verified by the administrator. All mails can be downloaded as .msg file and/or add an incident report. When you click on a reported mail you will first see the overall risk score. The overall risk score is a weighted average of the following score from different scans: | LUCY will automatically flag mail simulations. All other mails can then be manually verified by the administrator. All mails can be downloaded as .msg file and/or add an incident report. When you click on a reported mail you will first see the overall risk score. The overall risk score is a weighted average of the following score from different scans: | ||
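Review bot: The added intro paragraph says reported mail is forwarded to LUCY when "Send Reports Over HTTP" is enabled, but it does not say whether that channel is TLS-protected; reported mails can carry sensitive content, so state the expected transport in that sentence. In the same paragraph "analzed" should be "analyzed". In the Automatic analysis paragraph, "routines build into LUCY" should read "routines built into LUCY", and the filter list item "Select all View" needs a short description like the other items have.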
Line 73: | Line 71: | ||
- | ===== Threat mitigation ===== | ||
- | The threat mitigation allows | + | ===== Detection of real phishing mails vs. Phishing simulations ===== |
+ | |||
+ | The plugin automatically handles emails created in a phishing simulations from LUCY: it will ensure that only reports of potentially malicious emails are delivered | ||
+ | |||
+ | |||
+ | ===== Where are incidents (LUCY generated emails) from the plugin reported? ===== | ||
+ | |||
+ | If a user spots the phishing simulation and reports the email, you can see this information in various places: | ||
+ | |||
+ | * Incident widget | ||
+ | |||
+ | {{ incident-dashboard.png? | ||
+ | |||
+ | * Incident tab: | ||
+ | |||
+ | {{ incident-dashboardssa.png? | ||
+ | |||
+ | * Under the campaign statistics (recipients) under the " | ||
+ | |||
+ | {{ incidents322.png? | ||
+ | |||
+ | * If you want a comparison | ||
+ | |||
+ | {{ incidentsja21.png? | ||
+ | |||
+ | In LUCY 4.4, the incidents reports will also be integrated on the dashboard under the general statistics. |
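Review bot: The "Threat mitigation" heading and the start of its paragraph ("The threat mitigation allows") appear only on the removed side of this hunk; confirm the section is kept further down in the new revision, since the "Threat Mitigation" feature bullet was also dropped in the first hunk. In the moved "Detection of real phishing mails" paragraph, "in a phishing simulations" should be "in phishing simulations", and in the last line "the incidents reports" should be "the incident reports".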
threat_analyzer_-_mail_plugin.txt · Last modified: 2019/07/25 12:49 by 127.0.0.1