threat_analyzer_-_mail_plugin
Differences
This shows you the differences between two versions of the page.
threat_analyzer_-_mail_plugin [2018/05/24 08:52] – [Incident Dashboard - Filters & Views] lucy | threat_analyzer_-_mail_plugin [2019/06/03 16:57] – lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Phishing Incidents (threat analyzer) ====== | ====== Phishing Incidents (threat analyzer) ====== | ||
- | LUCY comes with a “Phish Alert” plugin for mail clients. This add-in gives your users a safe way to forward suspected Emails with only one click and have them analzed | + | LUCY comes with a “Phish Alert” plugin for mail clients. This add-in gives your users a safe way to forward suspected Emails with only one click and have them analyzed |
{{ threat0.png? | {{ threat0.png? | ||
Line 10: | Line 10: | ||
**Filter by status:** At the top level, LUCY allows you to filter the reported mails by the status of the ticket: | **Filter by status:** At the top level, LUCY allows you to filter the reported mails by the status of the ticket: | ||
- | {{ dl_ot2.png?600 }} | + | {{: |
- | The default status is " | + | The default status is " |
* Open | * Open | ||
Line 37: | Line 37: | ||
- Threat Details can be viewed by clicking on the date | - Threat Details can be viewed by clicking on the date | ||
- | {{ threat1.png? | + | |
===== Automatic Incident Analysis (Threat Analyzer) ===== | ===== Automatic Incident Analysis (Threat Analyzer) ===== | ||
There are a few automatic analysis routines build into LUCY (e.g. check an IP in Google' | There are a few automatic analysis routines build into LUCY (e.g. check an IP in Google' | ||
- | LUCY will automatically flag mail simulations. All other mails can then be manually verified by the administrator. All mails can be downloaded as .msg file and/or add an incident report. When you click on a reported mail you will first see the overall risk score. The overall risk score is a weighted average of the following score from different scans: | + | LUCY will automatically flag mail simulations. All other emails |
* Header Analysis | * Header Analysis | ||
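Review bot: the unchanged context line directly above the edited paragraph still reads "automatic analysis routines build into LUCY"; it should be "built into". This revision already rewords the next sentence ("All other mails" becomes "All other emails"), so fix the context line in the same pass.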
Line 56: | Line 56: | ||
The current sources (LUCY 3.7) are: | The current sources (LUCY 3.7) are: | ||
- | * https://safebrowsing.googleapis.com/v4/threatMatches: | + | * https://developers.google.com/ |
* http:// | * http:// | ||
* DNS BL queries to bl.spamcop.net and zen.spamhaus.org | * DNS BL queries to bl.spamcop.net and zen.spamhaus.org | ||
* CI Army (list) (http:// | * CI Army (list) (http:// | ||
- | * Palevo Blocklists (https:// | ||
* Cybercrime tracker (http:// | * Cybercrime tracker (http:// | ||
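Review bot: the heading line "The current sources (LUCY 3.7) are:" is left unchanged although this revision edits the list under it (the Safe Browsing entry now points at developers.google.com and the Palevo Blocklists entry is dropped), so the version label no longer tells the reader which release the list describes; update it or remove it. The entries that still begin with http:// should also say whether that is the address LUCY fetches from or only a reference link, because a reputation feed retrieved over plain HTTP can be altered in transit.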
Line 74: | Line 73: | ||
===== Detection of real phishing mails vs. Phishing simulations ===== | ===== Detection of real phishing mails vs. Phishing simulations ===== | ||
- | The plugin automatically handles emails created in a phishing | + | The plugin automatically handles emails created in a phishing |
Line 87: | Line 86: | ||
* Incident tab: | * Incident tab: | ||
- | {{ incident-dashboardssa.png?600 }} | + | {{: |
* Under the campaign statistics (recipients) under the " | * Under the campaign statistics (recipients) under the " | ||
Line 97: | Line 96: | ||
{{ incidentsja21.png? | {{ incidentsja21.png? | ||
- | In LUCY 4.4, the incidents | + | In LUCY, the incident |
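Review bot: on the changed last line, removing "4.4" from "In LUCY 4.4, the incidents" leaves no indication of the release in which this behaviour applies, while the sources list earlier on the page is still labelled "LUCY 3.7". Keep a minimum version (for example "since LUCY 4.4") so administrators on older releases can tell whether the paragraph applies to them.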
threat_analyzer_-_mail_plugin.txt · Last modified: 2019/07/25 12:49 by 127.0.0.1