We recently implemented PhishER and have a few items that I'm looking for solutions for.
1. Reporting out of PhishER. I'd like to pull metrics such as emails analyzed, VT data, # of messages quarantined vs. deleted, etc. I don't see any information for PhishER in the API. Is there a way to extract this data to run reports on it? If not, is this something that's on the roadmap? This would be very powerful for my InfoSec reviews where I can showcase the value and functionality of one of our tools to our executive team.
2. In O365 Mail Trace, we can detect when an email has been spoofed. Is it possible to create a YARA rule that will tie into that O365 data, since KB4 is already authenticated to use it, to tag spoofed emails that were reported?
3. I'd like to whitelist certain domains from the reporting screen. Our company signature is being tagged on each one and is skewing metrics significantly based on our own marketing campaigns attached to signatures. I'm working on removing the signature from applying when heading to the PhishER inbox, but initial tests proved unsuccessful. Is there a way to address this in PhishER to get more meaningful and accurate reporting metrics?