PhishER Rules/Actions - what are y'all doing?

Hi everyone,

First post! We recently purchased KnowBe4's PhishER platform and I was hoping to see if anyone else is using the tool?

I'm really interested in leveraging the tool to its fullest potential. One of the YARA rules we wrote was to auto tag emails as spam if the SCL was between 5-9. I disabled this task because if left as is, it leaves room to accidentally flag THREAT emails as SPAM (as a phishing email could have an SCL of 5-9).

Curious if anyone has feedback for additional logic to add that would help to differentiate a true spam rule vs. a rule that might accidentally capture threats?

Rule code below.

Appreciate it!

rule default {
    meta:
        author = "AZope"
        description = "if SCL value more than 5"

    strings:
        $a = "SCL:5"
        $b = "SCL:6"
        $c = "SCL:7"
        $d = "SCL:8"
        $e = "SCL:9"

    condition:
        any of them
}

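An added example, not from the post above and not PhishER's own rule engine: the same SCL 5-9 check expressed in Python, but read from the actual Exchange/EOP header fields (X-Forefront-Antispam-Report or X-MS-Exchange-Organization-SCL) instead of a bare "SCL:5" substring, and combined with the Authentication-Results header so that a message in the spam band that also fails SPF/DKIM/DMARC is routed to review rather than auto-resolved as spam. The two .eml samples are constructed, and the "review" outcome is an illustrative placeholder for whatever action you would map it to.

```python
import re
from email import message_from_string, policy

# Constructed samples (not real mail). Bulk promo: SCL 6, all auth checks pass.
BULK_EML = (
    "From: deals@example-shop.test\n"
    "Authentication-Results: spf=pass smtp.mailfrom=example-shop.test;\n"
    " dkim=pass header.d=example-shop.test; dmarc=pass action=none\n"
    "X-Forefront-Antispam-Report: CIP:203.0.113.5;CTRY:US;LANG:en;\n"
    " SCL:6;SRV:;IPV:NLI;\n"
    "Subject: Weekend sale\n\nShop now.\n"
)
# Constructed lookalike lure: same SCL band, but SPF and DMARC fail.
PHISH_EML = (
    "From: it-helpdesk@example-corp.test\n"
    "Authentication-Results: spf=fail smtp.mailfrom=example-corp.test;\n"
    " dkim=none; dmarc=fail action=quarantine\n"
    "X-MS-Exchange-Organization-SCL: 6\n"
    "Subject: Password expires today\n\nReset here.\n"
)

def parse(raw):
    # policy.default unfolds multi-line headers, so folded report fields are safe to scan
    return message_from_string(raw, policy=policy.default)

def scl_of(msg):
    """Return the Exchange SCL as an int, or None if neither SCL header is present."""
    direct = msg.get("X-MS-Exchange-Organization-SCL")
    if direct is not None:
        return int(str(direct).strip())
    # Field-anchored match (;SCL:n;) inside the antispam report, unlike a bare "SCL:5" substring
    report = re.sub(r"\s+", "", str(msg.get("X-Forefront-Antispam-Report", "")))
    m = re.search(r"(?:^|;)SCL:(-?\d+);", report)
    return int(m.group(1)) if m else None

def auth_failed(msg):
    """True when SPF, DKIM or DMARC reported a (soft)fail in Authentication-Results."""
    ar = str(msg.get("Authentication-Results", "")).lower()
    return re.search(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", ar) is not None

def classify(raw):
    """'spam' only for SCL 5-9 with clean authentication; 'review' (illustrative
    outcome) keeps same-band messages with spoofing signals out of the spam bucket."""
    msg = parse(raw)
    scl = scl_of(msg)
    if scl is None or not 5 <= scl <= 9:
        return "none"
    return "review" if auth_failed(msg) else "spam"
```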

We had to create some rules for official training emails. We also added some rules very specific to certain types of emails, e.g. emails around ACH scams and such.
