EmailRep is an API service provided by Sublime Security. EmailRep uses hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists, open mail relays, domain age and reputation, deliverability, and more to predict the risk of an email address.
This document provides information about the EmailRep connector, which facilitates automated interactions, with an EmailRep server and API using FortiSOAR™ playbooks. Add the EmailRep connector as a step in FortiSOAR™ playbooks and retrieves the reputation information of the email address that you have specified from EmailRep.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-emailrep
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the EmailRep connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the EmailRep server to which you will connect and perform the automated operations. |
API Key | API key used to query EmailRep.io. Important: API key is not required for basic queries until EmailRep.io determines that you have reached your usage threshhold. After this if you want to continue to use their services, you require to purchase their API key. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Email Address Reputation | Queries EmailRep.io and retrieves the reputation information of the email address that you have specified. | email_reputation Investigation |
Parameter | Description |
---|---|
Email Address | Email address whose reputation information you want to retrieve from EmailRep.io |
Get Human-Readable Summary | Select this option (default) so that EmailRep.io produces a human-readable summary of the reputation information for the email address you have specified. |
The output contains the following populated JSON schema:
{
"details": {
"free_provider": "",
"accept_all": "",
"disposable": "",
"spam": "",
"malicious_activity_recent": "",
"credentials_leaked_recent": "",
"suspicious_tld": "",
"valid_mx": "",
"spf_strict": "",
"days_since_domain_creation": "",
"last_seen": "",
"blacklisted": "",
"new_domain": "",
"malicious_activity": "",
"first_seen": "",
"domain_exists": "",
"deliverable": "",
"domain_reputation": "",
"credentials_leaked": "",
"dmarc_enforced": "",
"spoofable": "",
"data_breach": "",
"profiles": []
},
"reputation": "",
"references": "",
"suspicious": "",
"summary": "",
"email": ""
}
The Sample - EmailRep - 1.0.0
playbook collection comes bundled with the EmailRep connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in CyOPsTM after importing the EmailRep connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
EmailRep is an API service provided by Sublime Security. EmailRep uses hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists, open mail relays, domain age and reputation, deliverability, and more to predict the risk of an email address.
This document provides information about the EmailRep connector, which facilitates automated interactions, with an EmailRep server and API using FortiSOAR™ playbooks. Add the EmailRep connector as a step in FortiSOAR™ playbooks and retrieves the reputation information of the email address that you have specified from EmailRep.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-emailrep
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the EmailRep connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | URL of the EmailRep server to which you will connect and perform the automated operations. |
API Key | API key used to query EmailRep.io. Important: API key is not required for basic queries until EmailRep.io determines that you have reached your usage threshhold. After this if you want to continue to use their services, you require to purchase their API key. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Email Address Reputation | Queries EmailRep.io and retrieves the reputation information of the email address that you have specified. | email_reputation Investigation |
Parameter | Description |
---|---|
Email Address | Email address whose reputation information you want to retrieve from EmailRep.io |
Get Human-Readable Summary | Select this option (default) so that EmailRep.io produces a human-readable summary of the reputation information for the email address you have specified. |
The output contains the following populated JSON schema:
{
"details": {
"free_provider": "",
"accept_all": "",
"disposable": "",
"spam": "",
"malicious_activity_recent": "",
"credentials_leaked_recent": "",
"suspicious_tld": "",
"valid_mx": "",
"spf_strict": "",
"days_since_domain_creation": "",
"last_seen": "",
"blacklisted": "",
"new_domain": "",
"malicious_activity": "",
"first_seen": "",
"domain_exists": "",
"deliverable": "",
"domain_reputation": "",
"credentials_leaked": "",
"dmarc_enforced": "",
"spoofable": "",
"data_breach": "",
"profiles": []
},
"reputation": "",
"references": "",
"suspicious": "",
"summary": "",
"email": ""
}
The Sample - EmailRep - 1.0.0
playbook collection comes bundled with the EmailRep connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in CyOPsTM after importing the EmailRep connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.