Overview

Agari is an email protection product that protects against phishing, business email compromise scams and other advanced email threats.

Integrating Agari with Hunters allows key data types to be collected and ingested into the data lake. Alerts are then created over the logs, auto-investigated and correlated with other related signals.

Supported data types

Agari's Phishing Defense API provides two data types.

  1. Messages - Information on every email message monitored by Agari, including information on the domain's reputation, attachment hashes for comparing with vetted IOC data and more.

  2. Policy Events - Security policies in Agari trigger on messages and create policy events, for example for messages from suspicious domains or external emails to C-level personnel.

Prerequisites

Generate a Client ID and API secret in the Agari console, following this guide, and share them with Hunters.