In this section of the Lumu Portal, you can manage the analysis of email intelligence. This unique threat intelligence source can help you understand who adversaries are attempting to compromise in your organization and how they are being targeted, and will also help you make strategic and tactical decisions to disrupt the cycle.
Lumu unlocks the value of your inbox with 3 simple steps:
The Email Intelligence feature is a part of the Lumu paid subscription tiers, which offer you additional correlation capabilities, and overall better compromise detection.
Lumu will assign a unique email address to your organization in the Lumu Portal.
The next step is configuring your spam filtering solution to forward all your email metadata to the unique email address provided by Lumu. Below we provide guidance for some providers:
If you need help setting up Email Intelligence for your company, or your email filtering solution requires a specific approach to forwarding inbox metadata to Lumu, contact our support team.
This section contains the configuration settings and a general overview of the inbox data analyzed. The Email Intelligence Activity visualization shows the total number of email messages analyzed by Lumu.
The Malicious Campaigns section allows you to drill down into detailed, factual data about the attack campaigns targeting your organization’s inbox. This information can help you adjust your cyber-defense and inform future investments.
In this area, you can see how many malicious campaigns target your company (1), the indicators of compromise (IoC), and the total number of recipients. The heat map (2) displays malicious campaign attack patterns, showing when the adversaries are sending malicious messages. In the trends area, Lumu shows the distribution of IoCs (3) by threat type (Malware, Spam, Phishing, etc.) and the top targeted recipients (4) of malicious campaigns in your organization.
In the Campaign Details area, you can see the malicious campaigns grouped by subject and sender address (1) and their details, such as the number of emails (2), the quantity of IoCs (3), and the number of target recipients (4) of each campaign.
Figure 3 - Malicious Campaigns details - general.
You can click on a campaign to see more details, such as all the email addresses targeted by the adversary with date and time (1), the domain of each IoC found in the campaign (2), and the attachment hash information (3).
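To make the campaign model described above concrete, here is an added example that is not Lumu's code and does not use the Lumu Portal or any Lumu API. It groups constructed email metadata records by subject and sender, the same grouping the Campaign Details area uses, and derives the per-campaign counts the page lists (emails, IoCs, target recipients), the per-recipient target list with timestamps, IoC domains, and SHA-256 hashes of attachments. The record fields, the sample messages and the choice of SHA-256 are assumptions made for the example.

```python
"""Campaign grouping over email metadata (added example, not Lumu's code).

Record fields, sample data and the SHA-256 attachment hash are assumptions
chosen to mirror the counts shown in the Malicious Campaigns view.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import hashlib


@dataclass
class EmailRecord:
    subject: str
    sender: str
    recipient: str
    received_at: str            # ISO 8601 timestamp (constructed)
    ioc_domains: tuple = ()     # domains of suspicious URLs found in the message
    attachments: tuple = ()     # raw attachment bytes (constructed)


@dataclass
class Campaign:
    subject: str
    sender: str
    emails: int = 0
    recipients: set = field(default_factory=set)
    ioc_domains: set = field(default_factory=set)
    attachment_hashes: set = field(default_factory=set)
    targets: list = field(default_factory=list)   # (recipient, received_at) pairs


def group_campaigns(records):
    """Group records by normalized (subject, sender), like the Campaign Details area."""
    campaigns = {}
    for r in records:
        key = (r.subject.strip().lower(), r.sender.strip().lower())
        c = campaigns.setdefault(key, Campaign(r.subject, r.sender))
        c.emails += 1
        c.recipients.add(r.recipient.lower())
        c.ioc_domains.update(d.lower() for d in r.ioc_domains)
        # Attachments are identified by hash so the same payload sent to many
        # recipients counts as one IoC rather than one per message.
        c.attachment_hashes.update(hashlib.sha256(a).hexdigest() for a in r.attachments)
        c.targets.append((r.recipient, r.received_at))
    return campaigns


def campaign_summary(campaigns):
    """One row per campaign: emails, IoC count (domains + attachment hashes), recipients."""
    rows = [
        {
            "subject": c.subject,
            "sender": c.sender,
            "emails": c.emails,
            "iocs": len(c.ioc_domains) + len(c.attachment_hashes),
            "recipients": len(c.recipients),
        }
        for c in campaigns.values()
    ]
    # Largest campaigns first, then by subject for a stable order.
    rows.sort(key=lambda row: (-row["emails"], row["subject"]))
    return rows


def top_recipients(campaigns, n=5):
    """Recipients hit by the most malicious messages across all campaigns."""
    counts = defaultdict(int)
    for c in campaigns.values():
        for recipient, _ in c.targets:
            counts[recipient.lower()] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample metadata: two messages from one campaign, one from another.
SAMPLE_RECORDS = [
    EmailRecord("Invoice overdue", "billing@example.invalid", "alice@corp.invalid",
                "2024-03-04T08:12:00Z", ("pay-example.invalid",), (b"%PDF-constructed-sample",)),
    EmailRecord("Invoice overdue", "billing@example.invalid", "bob@corp.invalid",
                "2024-03-04T08:13:30Z", ("pay-example.invalid",), (b"%PDF-constructed-sample",)),
    EmailRecord("Password reset", "it-support@example.invalid", "alice@corp.invalid",
                "2024-03-05T17:45:00Z", ("reset-example.invalid",)),
]

if __name__ == "__main__":
    campaigns = group_campaigns(SAMPLE_RECORDS)
    for row in campaign_summary(campaigns):
        print(row)
    print("top targeted recipients:", top_recipients(campaigns))
```

Grouping on the normalized subject and sender pair is what makes the counts meaningful: with the sample data the "Invoice overdue" campaign shows 2 emails, 2 IoCs (one domain plus one attachment hash) and 2 recipients, while alice appears as the most targeted recipient because she is hit by both campaigns.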
If you want to explore the IoC and its correlation with other network metadata sources, click on the magnifying glass icon to navigate to the Compromise Context area.
This is a comprehensive view of the distribution of the compromise activity (1) that Lumu detected in your inbox according to your assigned labels. You can click on the zoomable chart (3) to drill deeper into your labeled threat activity, which reveals how and where compromises are spreading inside an organization’s network infrastructure. You can filter (3) the threat information by label or date.
The Correlation Details show the list of IoCs grouped by domain with information regarding threat types (1), IoC details (2), the last time (3) Lumu found this threat in your inbox data, and the total number of contacts (4) between the IoC and your infrastructure.
Click on an IoC domain to explore the Compromise Context area. This capability shows the IoC correlated with other metadata sources. This additional context will help you understand how a particular compromise is spreading and how long it has been in your network.
We recommend becoming familiar with the Lumu Incident Response Playbooks, which are based on the National Institute of Standards and Technology (NIST) Framework and include best practices for how to use Lumu to respond to specific attacks.