This analyzer helps you investigate suspicious emails received from known or unknown senders to ensure that their email addresses aren't compromised.
No API key required.
If the email address is compromised, the analyzer returns:
- Total breaches
- Most recent breach
- Breached data
- Critical data
- Exposure rating: The comparative data exposure and risk rating assigned to this email address.
$ git clone https://github.com/jonathan6661/Inoitsu-analyzer.git
$ cd Inoitsu-analyzer/Inoitsu
$ pip3 install -r requirements
After installing the requirements, copy the Inoitsu folder into the Cortex-Analyzers/analyzers/ folder.
$ cp -R Path_where_you_downloaded_Inoitsu/Inoitsu-analyzer/Inoitsu Path_to_Cortex-Analyzers/Cortex-Analyzers/analyzers/
Log into Cortex with an account that has the proper privilege level, then navigate to Organization > Analyzers
and click the Refresh analyzers button.
Now that the analyzer has been added to Cortex, you need to enable it.
Navigate to Analyzers, then run the Inoitsu analyzer.
Test the Inoitsu analyzer on a compromised email address.
Test the Inoitsu analyzer on an uncompromised email address.
Log into TheHive with an account that has the proper privilege level, then navigate to USER > Report templates
and press Ctrl+F to search for Inoitsu.
As shown, no template exists for the Inoitsu analyzer yet.
Add both the short and the long report template for the Inoitsu analyzer.
In the observables section, add the email addresses you want to test.
Then select the emails you want to analyze, select Inoitsu and click Run selected analyzers.
To view the report for the compromised email, click on the tag Inoitsu:Compromised="True"
To view the report for the uncompromised email, click on the tag Inoitsu:Compromised="False"
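The following is an added example and not code from the Inoitsu-analyzer project. It shows how the five report fields listed at the top of this page and the Inoitsu:Compromised="True"/"False" tags that TheHive displays fit together: one function assembles the full report an analyst sees in the long template, another produces the Cortex summary taxonomy that becomes the observable tag. The BREACH_LOOKUP data, the set of data classes treated as "critical" and the exposure ratings are constructed stand-ins; the real analyzer obtains them from the Inoitsu service, whose response format is not described here.

```python
"""Added example (not the Inoitsu-analyzer project's own code).

Builds the report and the Cortex summary taxonomy for one email observable.
Constructed assumptions: the shape and content of BREACH_LOOKUP (a stand-in
for whatever the real analyzer receives from the Inoitsu service), the
CRITICAL_CLASSES set, and the exposure ratings (the README says the rating
is assigned to the address by the service, so it is passed through, not
computed here). Only the five report fields and the Inoitsu:Compromised
taxonomy label come from the README.
"""
from datetime import date

# Constructed sample data standing in for the breach lookup result.
BREACH_LOOKUP = {
    "victim@example.com": {
        "breaches": [
            {"name": "ConstructedSiteA", "date": "2019-03-11",
             "data_classes": ["email addresses", "passwords"]},
            {"name": "ConstructedSiteB", "date": "2021-07-02",
             "data_classes": ["email addresses", "phone numbers", "credit cards"]},
        ],
        # Assumption: supplied by the service, not derived from the breaches.
        "exposure_rating": "High",
    },
}

# Assumption: data classes a defender treats as "critical" for the report.
CRITICAL_CLASSES = {"passwords", "credit cards", "social security numbers"}


def build_report(email: str, lookup=BREACH_LOOKUP) -> dict:
    """Return the full report (the long-template fields) for one address."""
    # Normalise so "Victim@Example.com" matches the stored record.
    record = lookup.get(email.strip().lower())
    if not record or not record["breaches"]:
        return {"email": email, "compromised": False, "total_breaches": 0}

    breaches = record["breaches"]
    most_recent = max(breaches, key=lambda b: date.fromisoformat(b["date"]))
    # Union of every data class seen across all breaches of this address.
    breached_data = sorted({dc for b in breaches for dc in b["data_classes"]})
    critical_data = sorted(dc for dc in breached_data if dc in CRITICAL_CLASSES)
    return {
        "email": email,
        "compromised": True,
        "total_breaches": len(breaches),
        "most_recent_breach": {"name": most_recent["name"], "date": most_recent["date"]},
        "breached_data": breached_data,
        "critical_data": critical_data,
        "exposure_rating": record.get("exposure_rating", "Unknown"),
    }


def build_summary(report: dict) -> dict:
    """Return the Cortex summary: the taxonomy TheHive shows as a tag."""
    compromised = report["compromised"]
    taxonomy = {
        "level": "malicious" if compromised else "safe",
        "namespace": "Inoitsu",
        "predicate": "Compromised",
        "value": "True" if compromised else "False",
    }
    return {"taxonomies": [taxonomy]}


def taxonomy_label(summary: dict) -> str:
    """Format a taxonomy the way TheHive renders it, e.g. Inoitsu:Compromised="True"."""
    t = summary["taxonomies"][0]
    return f'{t["namespace"]}:{t["predicate"]}="{t["value"]}"'


if __name__ == "__main__":
    import json
    for addr in ("victim@example.com", "clean@example.com"):
        rep = build_report(addr)
        print(taxonomy_label(build_summary(rep)))
        print(json.dumps(rep, indent=2))
```

In a real Cortex analyzer built on cortexutils, the dictionary from build_report is what gets passed to self.report(), and the dictionary from build_summary is what the analyzer's summary(self, raw) method returns (cortexutils also offers self.build_taxonomy(level, namespace, predicate, value) to create each taxonomy entry). Keeping the taxonomy level at "malicious" only when breaches exist is what makes the True/False tags above show up with different colours in TheHive.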