In the companies where we act as the security operations team we usually find a mailbox named irt, cert, csirt etc. where all incidents arrive and which is also used to communicate with users.
With the new (good!) policies it is no longer possible to connect to the mail account via IMAP, so we are not able to retrieve incidents that way.
In this account we normally find:
So we developed a script, using Google Apps Script, that sends every message arriving in the mailbox to our TheHive (incident response platform).
Using the content of the subject and body it detects the case template (Phishing, Antivirus, Vulnerability, locked account, ...) and imports all observables such as IP, URL, DOMAIN and HASH so they can be analyzed with Cortex.
To also pick up the whole thread and the replies from users, it uses the References header to link them to the same case.
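As an added illustration (not code from the Mail_to_TheHive project), here are the three steps described above in plain JavaScript that also runs outside Google Apps Script: template detection from subject and body, observable extraction, and thread linking through the References header. The keyword lists, the template names, the `irt-mailbox` source, the alert field names and the sample mail are assumptions constructed for this example.

```javascript
// Assumed keyword -> case template mapping; adapt it to your own TheHive templates.
const TEMPLATE_RULES = [
  { template: 'Phishing',      words: ['phishing', 'suspicious mail', 'spam'] },
  { template: 'Antivirus',     words: ['antivirus', 'malware', 'virus detected'] },
  { template: 'Vulnerability', words: ['vulnerability', 'cve-'] },
  { template: 'LockedAccount', words: ['locked account', 'account locked', 'lockout'] },
];
function classifyTemplate(subject, body) {
  const text = (subject + ' ' + body).toLowerCase();
  return (TEMPLATE_RULES.find(r => r.words.some(w => text.includes(w))) || { template: 'Generic' }).template;
}
// Patterns for the observable types named in the post (URL, IP, hash, domain).
const PATTERNS = {
  url:    /https?:\/\/[^\s<>"']+/gi,
  ip:     /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
  hash:   /\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b/gi,
  domain: /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi,
};
function extractObservables(body) {
  const out = [], seen = new Set();
  for (const [dataType, re] of Object.entries(PATTERNS)) {
    // Domains are read from the text with URLs blanked, so a URL's host is not double-counted.
    const text = dataType === 'domain' ? body.replace(PATTERNS.url, ' ') : body;
    for (const m of text.match(re) || []) {
      const key = dataType + ':' + m.toLowerCase();
      if (!seen.has(key)) { seen.add(key); out.push({ dataType, data: m }); }
    }
  }
  return out;
}
// Thread identity: first Message-ID in References, else In-Reply-To, else the mail's own Message-ID.
function threadRootId(h) {
  const refs = (h['References'] || '').match(/<[^>]+>/g);
  if (refs) return refs[0];
  const irt = (h['In-Reply-To'] || '').match(/<[^>]+>/);
  return irt ? irt[0] : (h['Message-ID'] || '').trim();
}
// Alert the connector would send to TheHive; the thread tag is what lets a reply join the existing case.
function buildAlert(mail) {
  return {
    type: 'mail', source: 'irt-mailbox', sourceRef: mail.headers['Message-ID'],
    title: mail.subject, description: mail.body,
    caseTemplate: classifyTemplate(mail.subject, mail.body),
    tags: ['thread:' + threadRootId(mail.headers)],
    artifacts: extractObservables(mail.body),
  };
}
// Constructed sample: a user's reply in an existing thread reporting a suspicious mail.
const SAMPLE_MAIL = {
  subject: 'Re: suspicious mail from vendor',
  body: 'User clicked http://evil.example/login from 203.0.113.7; md5 44d88612fea8a8f36de82e1278abb02f. Sender domain evil.example.',
  headers: { 'Message-ID': '<b@corp.example>', 'References': '<a@corp.example>' },
};
function sampleAlert() { return buildAlert(SAMPLE_MAIL); }
```

In the real connector the thread tag is used to search TheHive for a case already opened for that thread before a new alert is created.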
Below is an example of the results:
The project is available at https://github.com/backloop-biz/Mail_to_TheHive and we are happy to support other SOCs in implementing this solution.
Anyone who needs support can write to support@backloop.biz.
We are using this connector to manage these alerts automatically: