Email Screener

Identify and respond to email threats faster with Automation

With Lucy’s Mail Screener you can easily spot, analyze and automatically delete or quarantine phishing emails. Significantly enhance your security analysts’ work by reducing the Mean Times to Detect, Acknowledge and Contain attacks and by eliminating false-positive alerts.

  • Mail Screener can improve your staff’s efficiency and reduce the time required in the management and triage of reported email incidents. By eliminating manual tasks with automation, Lucy’s Mail Screener can dramatically reduce the time to detect an ongoing attack and decrease the false-positive rate of alerts.
  • You can easily distribute your team’s workload of email analysis from within Mail Screener. Use limited and full access security roles to implement a multi-tiered incident response system based on the severity levels of your user-reported messages.
  • Mail Screener provides a multi-role single pane of glass view of all reported incidents, top threats and historical trends and access to its powerful work-flow engine. With Mail Screener’s native API, you can maximize your investments by leveraging integration into your current security stack: SIEM, tool sets, ticketing systems, and more.

Feature Overview:

YARA-Rule Manager Create simple text match rules, use built-in YARA rules, edit existing or create own YARA rules. Visual editor tailored to inexperienced users for creating simple YARA rules.
False-Positive Elimination This feature detects and automatically resolves all irrelevant events that pose no threat to a company and reduces the noise and time spent for manual processing.
Analysis Engine Header analysis suspicious ones, Domain and URL analysis of all URLs in email and detects malicious ones and Spam Assassin integration for mail body analysis.
Prioritization Engine Customizable rules that can categorize incoming events – phishing, safe, spam, simulation, etc.
Event Clustering Cluster analysis – detecting clusters of events as they arrive. Mail Screener analyzes incoming email content and detects similar patterns, joining events into named clusters, which can represent a single continuous or a long repeating attack.
Event Filter Filter unresolved events and process them – set resolution and status.
3rd Party Intelligence Integration with external threat sources:

  • Virustotal
  • Safebrowsing
  • Phishtank
  • URLhaus
SIEM Integration Integration with Splunk and other Log / SIEM System
Phishing Incident Plugin Users need a ‘Phishing Reporting Button’ to report suspicious messages. The LUCY Mail Screener seamlessly integrates with Lucy’s Email Add-in Button and works by forwarding emails to a dedicated mailbox.

You don’t need Lucy to configure the plugin, the configuration and download is available in the screener itself.

Event Autoresponder Automatically respond to events reported using a Phishing Button or by email as attachment forwarding.
User Reputation Updater Integration with Lucy for simulation reports – simulation reports are forwarded to Lucy installation to track reporting stats of a given user. Short: LUCY End-user Reputation is updated with the reporting of the user’s activity.
Message Preview Email preview – email screenshot without clickable links, etc
Event Expiration incoming events have a due date, until which they should be processed. The system notifies users if an event has not been processed until that time – automatically or manually.

Needs to be flagged in UI.

Analyst Roles Multiple user roles – analyst that is only able to view and react on events, main analyst that is able to edit rules, view-only – just a viewer, admin – is able to do everything.
On-Premise Option
  • On-premises software – installable software, no emails are shared with the software provider.
  • No corporation is willing to share his mails on an 3rd party platform!