New cont3xt integration : emailrep.io #2770

Open
WilliamSalusky opened this issue Apr 30, 2024 · 0 comments

This integration applies to the EMAIL indicator type only.

An API key for this integration is optional, but you get an improved query quota if you register a free account. There should be an emailrep.io section to store an API key.

This integration should have a display Card.

Sample results:

{
    "email": "notarealuser@gmail.com",
    "reputation": "high",
    "suspicious": false,
    "references": 8,
    "details": {
        "blacklisted": false,
        "malicious_activity": false,
        "malicious_activity_recent": false,
        "credentials_leaked": true,
        "credentials_leaked_recent": false,
        "data_breach": true,
        "first_seen": "01/01/2013",
        "last_seen": "10/03/2020",
        "domain_exists": true,
        "domain_reputation": "n/a",
        "new_domain": false,
        "days_since_domain_creation": 10487,
        "suspicious_tld": false,
        "spam": false,
        "free_provider": true,
        "disposable": false,
        "deliverable": true,
        "accept_all": false,
        "valid_mx": true,
        "primary_mx": "gmail-smtp-in.l.google.com",
        "spoofable": true,
        "spf_strict": false,
        "dmarc_enforced": false,
        "profiles": [
            "linkedin",
            "gravatar",
            "twitter"
        ]
    }
}

{
    "email": "whodat@purple.org",
    "reputation": "low",
    "suspicious": true,
    "references": 0,
    "details": {
        "blacklisted": false,
        "malicious_activity": false,
        "malicious_activity_recent": false,
        "credentials_leaked": false,
        "credentials_leaked_recent": false,
        "data_breach": false,
        "first_seen": "never",
        "last_seen": "never",
        "domain_exists": true,
        "domain_reputation": "low",
        "new_domain": false,
        "days_since_domain_creation": 10470,
        "suspicious_tld": false,
        "spam": false,
        "free_provider": false,
        "disposable": false,
        "deliverable": true,
        "accept_all": false,
        "valid_mx": true,
        "primary_mx": "ASPMX.L.GOOGLE.COM",
        "spoofable": true,
        "spf_strict": false,
        "dmarc_enforced": false,
        "profiles": []
    }
}
  • calculate the sum of these keys that are True: (for use on the integration icon)

    "details".[ "blacklisted", "malicious_activity", "malicious_activity_recent", "credentials_leaked", "credentials_leaked_recent", "data_breach", "new_domain", "suspicious_tld", "spam", "accept_all", "spoofable" ]

  • Create a badge for these keys if True, badge will contain the key name on red:

        "free_provider": false,
        "disposable": false,
        "domain_reputation": "low",
        "days_since_domain_creation": 10470,
  • other things:
    "domain_exists": true,

    "first_seen"
    "last_seen"

more to add... didn't want to lose the thought
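
The counting and badge rules listed above, applied to the two sample results, as an added example that is not part of the original issue or of cont3xt's own code. The function names are hypothetical, the samples are trimmed copies of the ones in the issue, and two points are assumptions: `domain_reputation` gets a badge only when its value is "low", and `days_since_domain_creation` is left out because the issue gives no threshold for it.

```javascript
// Keys summed for the integration icon (list copied from the issue text).
const COUNT_KEYS = [
  'blacklisted', 'malicious_activity', 'malicious_activity_recent',
  'credentials_leaked', 'credentials_leaked_recent', 'data_breach',
  'new_domain', 'suspicious_tld', 'spam', 'accept_all', 'spoofable'
];
// Boolean keys that become a red badge when true.
const BOOLEAN_BADGE_KEYS = ['free_provider', 'disposable'];

// Return the "details" object, or {} for an error or malformed response.
function detailsOf (result) {
  const d = result && result.details;
  return d && typeof d === 'object' && !Array.isArray(d) ? d : {};
}

// Count only strict boolean true, so strings like "n/a" or "true" never inflate the icon.
function riskCount (result) {
  const details = detailsOf(result);
  return COUNT_KEYS.filter((key) => details[key] === true).length;
}

// Badge labels are the key names themselves.
function badges (result) {
  const details = detailsOf(result);
  const out = BOOLEAN_BADGE_KEYS.filter((key) => details[key] === true);
  // Assumption: a badge is shown for domain_reputation only when it is "low".
  if (details.domain_reputation === 'low') { out.push('domain_reputation'); }
  return out;
}

// Trimmed copies of the issue's two sample results (omitted keys were false).
const SAMPLE_HIGH = {
  email: 'notarealuser@gmail.com',
  details: {
    credentials_leaked: true, data_breach: true, spoofable: true,
    free_provider: true, disposable: false, domain_reputation: 'n/a'
  }
};
const SAMPLE_LOW = {
  email: 'whodat@purple.org',
  details: {
    credentials_leaked: false, data_breach: false, spoofable: true,
    free_provider: false, disposable: false, domain_reputation: 'low'
  }
};

for (const sample of [SAMPLE_HIGH, SAMPLE_LOW]) {
  console.log(sample.email, riskCount(sample), badges(sample));
}
```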
