Skip to content
/ PIE Public
forked from LogRhythm-Labs/PIE

The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365

License

Notifications You must be signed in to change notification settings

DarkIntel/PIE

 
 

Repository files navigation

PIE

Phishing Intelligence Engine
LogRhythm Security Operations
greg . foss @ logrhythm . com
v1.0  --  November, 2017

Copyright 2017 LogRhythm Inc. - See licensing details below

[About]

Phishing Intelligence Engine

The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported.

This framework is not officially supported by LogRhythm - use at your own risk!

Features:

- Analyze subjects, senders, and recipients using RegEx and Threat Feed correlation, to determine email risk.
- Automatically respond to attacks by quarantining mail, blocking senders, and checking for clicks.
- Sandbox analytics on all flagged email attachments and links.
- Dynamic Case Management integration and metrics tracking.
- Prevent sensitive data loss and verify corporate email security.

[Additional Information]

LogRhythm Blog Post: https://logrhythm.com/blog/phishing-intelligence-engine-open-source-release/

Blue Hat '17 Slides: Will be posted on 11/10/2017

Black Hat 2017 Slides: https://www.slideshare.net/heinzarelli/security-automation-and-orchestration

Security Weekly Webcast: https://www.youtube.com/watch?v=2oGMoGr4qBI

[Install and Usage]

There are multiple aspects of this framework that all work together to detect and respond to Phishing attacks:

The core of the Phishing Intelligence Engine - provides ongoing logging via the API, third party tool integrations, and automated email response.

The response arm of PIE. Quarantine mail, block senders, change credentials, check Office 365 configurations, and more.

List updater for ongoing tracking of spammer email addresses.

Analyst and Investigation Dashboards, which allow for searching and aggregation of Office 365 Data within the LogRhythm SIEM.

LogRhythm AIE alarm configurations and Threat List integrations.

Plugins that can be integrated with the LogRhythm SIEM, allowing for automated response to alarms.

Addon for Microsoft Outlook to allow for easy reporting of Phishing Attacks.

High level overview of the PIE architecture and workflow:

PIE Architecture

[License]

Copyright 2017 LogRhythm Inc.

PowerShell code is Licensed under the MIT License. See LICENSE file in the project root for full license information.

LogRhythm integrated code (SmartResponse and Dashboards) is license pursuant to the LogRhythm End User License Agreement located at https://logrhythm.com/about/logrhythm-terms-and-conditions/ (“License Agreement”) and by downloading and using this content you agree to the terms and conditons of the License Agreement unless you have a spearate signed end user license agreement with LogRhythm in which case that signed agreement shall covern your licensed use of this content. For purposes of the applicable end user license agreement, this content consistutes LogRhythm Software

About

The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Languages

  • PowerShell 100.0%