There are 3 types of email servers:
Enable Exchange account with app password
- Log in to Outlook on the web
- Click on your Profile icon on the top right and then My Microsoft Account
- Switch to Security
- Select Advanced Security Options
- Under App passwords, select Create a new app password. A new app password is generated and appears on your screen.
- Watch demo - How to connect your IMAP server to Devo SOAR
Enable Google account with app password
- Log in to your Gmail
- Click on the Settings icon on the top right and then See all Settings
- Switch to Forwarding and POP/IMAP
- Enable IMAP from IMAP Access
- Save Changes and come back to your Inbox
- Now, open your profile and select Manage your Google Account
- Switch to Security
- Scroll down to Signing into Google and click on App Passwords
- Generate a new App password
For a custom email server provider, follow their IMAP instructions.
Sign up on the VirusTotal website and get an API key.
- Watch demo - How to Connect VirusTotal to Devo SOAR
Sign up on the HybridAnalysis website and get an API key.
Sign up on the MXToolBox website and get an API key.
As of now, the following custom lists can be modified manually:
phishing_common_attack_subject_lines - Used in subject analysis
phishing_urgency_word_list - Used in body analysis
- Watch demo - How to connect your SMTP server to Devo SOAR
Follow the SMTP setup instructions, which are similar to the IMAP instructions.
This is required in order to send out the final phishing analysis report via email.
Right now, we can use the System Integration Connection with the Default case type.
If asked for a connection elsewhere (say, in a module), use the system generation integration connection.
- Simply send out some emails from <Attacker Email> to <Your Phishing Inbox>
- Vary emails with suspicious attachments, URLs, body & subject keywords
- Send emails from <Attacker Email> to <Victim Inbox>
- Download the .eml file for that email
- Send email from <Victim Inbox> to <Your Phishing Inbox> with original .eml attached
- Again, vary emails for different phishing attack scenarios
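To check test emails locally before sending them, the following added example (not Devo SOAR's own code) pulls the original message out of a forwarded report with the .eml attached and matches its subject and body against the two custom lists. The list entries, the example.com addresses, the function names and the case-insensitive substring matching are all assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed sample entries; the real contents are the Devo SOAR custom lists.
phishing_common_attack_subject_lines = ["verify your account", "invoice attached"]
phishing_urgency_word_list = ["immediately", "urgent", "suspended"]

def extract_original(report_bytes):
    """Return the original message attached to a forwarded report, else the report."""
    report = email.message_from_bytes(report_bytes, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":  # attached as a message
            return part.get_payload(0)
        if (part.get_filename() or "").lower().endswith(".eml"):  # attached as a file
            return email.message_from_bytes(part.get_payload(decode=True),
                                            policy=policy.default)
    return report

def analyze(report_bytes):
    """Match the original's subject and body against the two lists (assumed logic)."""
    original = extract_original(report_bytes)
    subject = str(original.get("Subject", "")).lower()
    body_part = original.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part is not None else ""
    return {
        "from": str(original.get("From", "")),
        "subject_hits": [s for s in phishing_common_attack_subject_lines if s in subject],
        "urgency_hits": [w for w in phishing_urgency_word_list if w in body],
    }

def build_sample_report(as_rfc822=False):
    """Constructed test data: <Victim Inbox> forwards the original as an attachment."""
    original = EmailMessage()
    original["From"] = "attacker@example.com"
    original["Subject"] = "Action required: verify your account"
    original.set_content("Your mailbox will be suspended. Log in immediately.")
    report = EmailMessage()
    report["From"] = "victim@example.com"
    report["To"] = "phishing-inbox@example.com"
    report["Subject"] = "Fwd: suspicious email"
    report.set_content("Please analyze the attached message.")
    if as_rfc822:
        report.add_attachment(original)
    else:
        report.add_attachment(original.as_bytes(), maintype="application",
                              subtype="octet-stream", filename="original.eml")
    return report.as_bytes()
```

Calling `analyze(build_sample_report())` returns the sender of the original message rather than the forwarder, which is the reason the second test scenario attaches the original .eml instead of forwarding inline.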