Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Ironscales Incidents | ✅ | ✅ | | | ironscales_incidents | NDJSON | API |
Overview
IRONSCALES is an integrated cloud email security (ICES) platform that provides businesses with a complete phishing protection software solution for enterprise email security. The IRONSCALES™ cloud-native, API-based email security platform is continuously learning, detecting, and remediating advanced threats at the mailbox level, before and after email delivery.
Integrating Ironscales into Hunters allows the collection and ingestion of key data types into the data lake. Furthermore, alerts will be created over the logs, auto-investigated and correlated to other related signals.
Supported data types
Ironscales Incidents
Table name: ironscales_incidents
Ironscales incidents are generated when the system detects email activities that deviate from the norm or match known threat patterns. These incidents can range from suspicious email content and phishing attempts to impersonation attacks and malware distribution. The incidents are flagged for review, and depending on the configuration, can be automatically remediated or escalated for further investigation by the security team.
📘 Ironscales Incidents Collection Frequency
The Ironscales API allows incidents to be collected over several time intervals, the shortest of which is 24 hours. Hence, Hunters collects the data once a day.
Send data to Hunters
Hunters supports the collection of logs from Ironscales using its API.
To connect Ironscales logs:
Acquire the following details from your Ironscales platform, following this guide:
Host
- for example appapi.eu.ironscales.com
Company ID
- for example 12345
Key
- your API key
📘 Note
Use the company.all scope for the API permissions.
Complete the process on the Hunters platform, following this guide.
Expected format
Ironscales Incidents
Logs are expected in JSON format, one incident record per line (NDJSON).
{"company_id": 12345, "company_name": "company1", "incident_id": 123456, "classification": "Attack", "first_reported_by": "test person", "first_reported_date": "2023-07-04T09:29:29.317504Z", "affected_mailbox_count": 2, "sender_reputation": "low", "banner_displayed": "First Time Sender", "sender_email": "test-onsite@dialog.kern-sohn.com", "reply_to": "test-onsite@kern-sohn.com", "spf_result": "pass", "sender_is_internal": false, "themis_proba": 0.66, "themis_verdict": "Phishing", "mail_server": {"host": "demo.sendnode.com", "ip": "111.11.111.11"}, "federation": {"companies_affected": 0, "companies_marked_phishing": 0, "companies_marked_spam": 0, "companies_marked_fp": 0, "companies_unclassified": 0, "phishing_ratio": null}, "reports": [{"name": "abcd", "email": "test.hans@ch.test.com", "subject": "[EXT] Ihre pers\u00f6nliche, H\u00e4berle!", "sender_email": "test-onsite@dialog.com", "mail_server": {"host": "mda33e.test.com", "ip": "111.11.111.62"}, "headers": [{"name": "Received", "value": "from E456TGFE.eurprd01.prod.labs.com (2603:10a6:20b:4f5::22) by HGFDEW345678.eurprd01.prod.testlabs.com with HTTPS; Tue, 4 Jul 2023 09:22:38 +0000"}]}], "links": [{"url": "https://test.kern-sohn.com/-link2/21808/1912/10/185/577/MyiC5rLm/vPDkGTRThD/0/NTc3/TXlpQzVyTG0./dlBEa0dUUlRoRA../~?mc_phishing_protection_id=28398-cihu9n1tdqlcnmf2i590", "name": "Im Test \u00f6ffnen"}, {"url": "https://dialog.kern-sohn.com/-link2/21808/1912/30/215/577/MyiC5rLm/vPDkGTRThD/0?mc_phishing_protection_id=28398-cihu9n1tdqlcnmf2i590", "name": "Datenschutz"}], "attachments": [{"file_name":"image001.jpg","file_size": 80630,"md5": "9caf02efad784208ccbeb99475ec20cd"},{"file_name": "image002.jpg","file_size": 91938,"md5": "551729e2e709e172d71f0bc8b5561ef4"}]}
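As an added example (not Hunters' or IRONSCALES' own code), the following parses a daily NDJSON batch of incidents in the format shown above, tolerates a corrupt line, and pulls out the fields an analyst looks at first (verdict, sender/reply-to domains, attachment hashes, link hosts). The triage heuristics, the second benign record and the corrupt third line are constructed here; the field names follow the page's sample.

```python
import json
from urllib.parse import urlsplit

# Constructed NDJSON batch: record 1 is trimmed from this page's sample, record 2 is a benign
# record made up here for contrast, line 3 is deliberately corrupt (field names as on the page).
SAMPLE_NDJSON = """\
{"company_id": 12345, "incident_id": 123456, "classification": "Attack", "first_reported_date": "2023-07-04T09:29:29.317504Z", "affected_mailbox_count": 2, "sender_reputation": "low", "sender_email": "test-onsite@dialog.kern-sohn.com", "reply_to": "test-onsite@kern-sohn.com", "spf_result": "pass", "sender_is_internal": false, "themis_proba": 0.66, "themis_verdict": "Phishing", "links": [{"url": "https://test.kern-sohn.com/-link2/21808/1912/10/185/577", "name": "Im Test öffnen"}], "attachments": [{"file_name": "image001.jpg", "file_size": 80630, "md5": "9caf02efad784208ccbeb99475ec20cd"}]}
{"company_id": 12345, "incident_id": 123457, "classification": "Spam", "first_reported_date": "2023-07-04T10:15:00Z", "affected_mailbox_count": 1, "sender_reputation": "high", "sender_email": "news@example.com", "reply_to": "news@example.com", "spf_result": "pass", "sender_is_internal": false, "themis_proba": 0.12, "themis_verdict": "Spam", "links": [], "attachments": []}
not json at all
"""

def parse_incidents(ndjson: str) -> tuple[list[dict], int]:
    """Parse one incident per line; return (records, number of lines skipped as malformed)."""
    records, skipped = [], 0
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1  # a corrupt line must not abort the whole daily batch
    return records, skipped

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def triage(record: dict) -> dict:
    """Pull out the fields an analyst needs first and list why the incident merits a look."""
    reasons = []
    if record.get("themis_verdict") == "Phishing":
        reasons.append("verdict=Phishing")
    if domain_of(record.get("reply_to") or "") != domain_of(record.get("sender_email") or ""):
        reasons.append("reply_to domain differs from sender domain")
    if record.get("sender_reputation") == "low" and not record.get("sender_is_internal"):
        reasons.append("low-reputation external sender")
    if record.get("spf_result") != "pass":
        reasons.append(f"spf_result={record.get('spf_result')}")
    return {
        "incident_id": record.get("incident_id"),
        "mailboxes": record.get("affected_mailbox_count", 0),
        "attachment_md5s": [a["md5"] for a in record.get("attachments", []) if "md5" in a],
        "link_hosts": sorted({urlsplit(l["url"]).hostname for l in record.get("links", []) if "url" in l}),
        "reasons": reasons,
    }

def prioritized(ndjson: str) -> list[dict]:
    """Parse a daily batch and order incidents by reason count, then by mailboxes affected."""
    rows = [triage(r) for r in parse_incidents(ndjson)[0]]
    rows.sort(key=lambda r: (len(r["reasons"]), r["mailboxes"]), reverse=True)
    return rows
```

The attachment MD5s and link hosts are the values to pivot on against other sources in the data lake once the table is populated.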