User Tools

Site Tools


sample_plugin_configurations

Sample plugin configurations

When configuring Incidents Plugin one has a whole variety of features to choose from. That might be a bit stunning especially when talking about initial integration of the feature into personnel training workflow. However, there are several common use cases for the plugin and in order to make acquaintance with the feature more pleasant, we added some standard configurations below. Start with those and change tool configurations depending on the awareness strategy that you choose.

Config.1: All the reports come to Lucy web-interface

The standard configuration: all the reported emails (including phishing simulations) will appear under Incidents tab in Lucy web-interface.

There are two ways of configuration in such a case depending on the delivery method (HTTP or SMTP). For HTTP delivery method:

For SMTP delivery method: Please note that the email address should have the domain name which MX records point to LUCY.

Config.2: Reports only for real phishing emails in Lucy **Incidents**

The reports will appear at Lucy Incidents tab. No phishing simulations will be delivered, only real spam emails reported by the users.

There are two ways of configuration in such a case depending on the delivery method (HTTP or SMTP).

For HTTP delivery method:

For SMTP delivery method: Please note that the email address should have the domain name which MX records point to LUCY.

Config.3: All the reports come to custom mailbox

The standard configuration: all the reported emails (including phishing simulations) will be forwarded to the defined mailbox outside Lucy (custom mailbox) One can add several mailboxes divided by the semi-colon (;) to the email field. Reports will be forwarded to all of those. Please note that If Send reports via SMTP feature is enabled one cannot send emails to the same domain (e.g. "example.com") anymore: this setting will cause Lucy to intercept all the emails to "example.com" domain.

Config.4: Reports only for real phishing emails to a custom mailbox

The reports will be forwarded to a predefined custom Lucy mailbox and will not appear in Lucy web interface. Only real spam emails will be reported and reports for phishing simulations will be ignored. Please note that If Send reports via SMTP feature is enabled one cannot send emails to the same domain (e.g. "example.com") anymore: this setting will cause Lucy to intercept all the emails to "example.com" domain.

Config.5: Real spam emails are delivered to a custom mailbox and phishing simulations appear in Lucy web-interface

In order for Lucy phishing emails to appear in campaign statistics in Reported section, the simulation emails must be delivered to Lucy. None of the real emails will be forwarded to Lucy Incidents, but one will be able to see which users reported phishing simulations. Please note that such configuration also excludes the possibility of analysis for the reported emails (in case user reports a real spam email) inside Lucy. The reported emails will be forwarded only to the predefined mailbox. Please note that the email address should have the domain name which MX records point to LUCY.

Config.6: Reports are delivered to Lucy via SMTP from custom plugin

If recipients for some reason stick to using the good old plugin that has been built in the mail client for ages, one may configure Lucy to receive both attack simulations and real phishing reports from 3rd party plugin. Please note that the email address should have the domain name which MX records point to LUCY.

sample_plugin_configurations.txt · Last modified: 2021/09/03 15:28 by lucysecurity