Skip to content

This analyzer helps you investigate suspicious emails received from known or unknown senders to ensure that their email addresses aren't compromised.

Notifications You must be signed in to change notification settings

jonathan6661/Inoitsu-analyzer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Inoitsu-analyzer

This analyzer helps you investigate suspicious emails received from known or unknown senders to ensure that their email addresses aren't compromised.

No API key required.

If the email is compromised then it returns:

  • Total breaches
  • Most recent breach
  • Breached data
  • Critical data
  • Exposure rating: The comparative data exposure and risk rating assigned to this email address.

Setting up the analyzer

$ git clone https://github.com/jonathan6661/Inoitsu-analyzer.git
$ cd Inoitsu-analyzer/Inoitsu
$ pip3 install -r requirements

After installing the requirements you need to add Inoitsu folder to /Cortex-Analyzers/analyzers/ folder.

$ cp -R Path_where_you_dowloaded_Inoitsu/Inoitsu-analyzer/Inoitsu Path_to_Cortex-Analyzers/Cortex-Analyzers/analyzers/

Setting up Inoitsu analyzer on Cortex

Log into cortex with an account with the proper privilege level then navigate to >Organization>Analyzers and click on Refresh analyzers button.

refresh

Now as the analyzer has been added successfully to Cortex, you need to enable it.

enable analyzer

Testing Inoitsu analyzer (Cortex)

Navigate to Analyzers then run Inoitsu analyzer.

run analyzer

Test Inoitsu analyzer on a compromised email address.

report

Test Inoitsu analyzer on an uncompromised email address.

uncompromised

Setting up Inoitsu analyzer templates on TheHive

Log into TheHIVE with an account with the proper privilege level then navigate to >USER>Report templates and make ctrl+f + Inoitsu

report template

As shown, no template exists for Inoitsu Analyzer.

Adding templates to TheHive

Add both short and long templates to Inoitsu analyzer

short

long

Testing Inoitsu analyzer (TheHive)

In the observables section add emails to test.

Then select the emails that you want to analyze, select Inoitsu and click on Run selected analyzers.

thehive iocs

response

To view the report of the compromised email, click on Inoitsu:Compromised="True"

analyzer report

To view the report of the uncompromised email, click on Inoitsu:Compromised="False"

analyzer report 2

About

This analyzer helps you investigate suspicious emails received from known or unknown senders to ensure that their email addresses aren't compromised.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published