Let us assume that you are working in a SOC and are receiving hundreds of requests from end-users asking if an e-Mail is safe to open or not. In most cases, you would take the e-mail and submit it to Joe Sandbox in order to check its behavior report. If the respective e-mail showed signs of malicious attachment or URL, you would consequently inform the end-user.
Wouldn't it be nice if this whole process could be automated? Wouldn't it be great if you could choose to get notified about a detection or not, based on the analysis verdict or its score?
In this regard, we have good news for you! Joe Sandbox Mail Monitor
is exactly what you are looking for.
What exactly is Mail Monitor? Have a look at the diagram below:
To enable Mail Monitor you have to first create a new e-mail account with the name firstname.lastname@example.org. End-users will then forward suspicious e-Mails to the defined address. Mail Monitor will periodically fetch new e-mails from that account and submit them to Joe Sandbox. Joe Sandbox will fully dissect the e-mail and analyze all the attachments and URLs. As an example, see the report of a Phishing link below:
Once the analysis is complete, Mail Monitor will reply to the user with an e-Mail containing the verdict:
It will also add screenshots in the attachment.
SOCs, CIRTs and CERTs can fully customize the e-mail reply:
Furthermore, they can set alerts to get notified if a URL or an attachment has been detected as malicious or if a specific threat has been detected (Alerts can be customized down to the smallest detail).
Joe Sandbox Mail Monitor has been integrated into Joe Sandbox Desktop
and Cloud Pro
Interested in Joe Sandbox Mail Monitor and willing to try it? Contact us today and we will provide a trial