Email Notifications

It is possible to get email notifications about completed scan reports. This can also be done selectively for reports with specific verdicts.

Please use your SMTP server credentials when configuring the following properties in /home/sandbox/sandbox/broker.cfg:

Bash
    
​x
    
############################## Email Notification settings## Note: use '--test-email' CLI to test the smtp settings#############################smtpServer=smtpPort=465smtpUser=smtpPass=smtpUseSSL=truesmtpUseStartTLS=falsesmtpDebugEnabled=true​# Note: set this to true, if the email notification feature should be turned onnotifyEmailsEnabled=true# Note: specify a list of emails separated by comma (e.g. "analyst1@domain.com,analyst2@domain.com")notifyEmails=notifyEmailsIgnoreDomains=​# Note: use 'ALL' to notify on any verdictnotifyEmailsOnVerdicts=LIKELY_MALICIOUS,MALICIOUS# Note: if enabled, whenever a report is generated for a msg/eml/rfc822 file, the "to" address is notified in addition to 'notifyEmails'notifyEmailSenderOfEmailFiles=falsenotifyEmailReceiverOfEmailFiles=falsenotifyEmailsDefaultSender=noreply@mydomain.com# Note: if enabled, whenever a report is generated for a msg/eml/rfc822 file, the "from" header will be set to the original sendernotifyEmailsUseOriginalSender=false# Note: the following placeholder may be used: $SHA-256# e.g. notifyEmailsIncludeUrlInAlert=https://www.filescan.io/search-result?query=$SHA-256notifyEmailsIncludeUrlInAlert=
Copy

This is an excerpt from an example email notification about a likely malicious scan report:

Bash
    
From: <noreply@filescan.io>Subject: [FSIO] Completed analysis for 'pafish.exe' (Task ID: 5f709158-c08f-4fb9-a43f-597873aedef2): { "verdict": "LIKELY_MALICIOUS", "threatLevel": 0.75, "confidence": 1 }​---------------------------- Analysis Overview ----------------------------​fsBroker version: 1.1.0-2f62d72​SHA-256: 9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e​Submit ID: d6809fa3-e226-4484-b07b-1f68ba259a46​Task ID: 5f709158-c08f-4fb9-a43f-597873aedef2​Date: 2023-10-291 07:52+0000291​submitName: pafish.exe​mediaType:​{  "string": "application/x-msdownload; format\u003dpe32",  "slash": 11,  "semicolon": 24,  "parameters": {    "format": "pe32"  }}​---------------------------- Report Overview ----------------------------​overallState:​"SUCCESS"​finalVerdict:​{  "verdict": "LIKELY_MALICIOUS",  "threatLevel": 0.75,  "confidence": 1}​allTags:​[  {    "source": "YARA_RULE",    "sourceIdentifier": "9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e",    "isRootTag": false,    "tag": {      "name": "anti-vm",      "synonyms": [],      "descriptions": [],      "verdict": {        "verdict": "UNKNOWN",        "threatLevel": 0,        "confidence": 1      }    }  },  {    "source": "OSINT_LOOKUP",    "sourceIdentifier": "9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e",    "tag": {      "name": "hlux",      "synonyms": [],      "descriptions": [],      "verdict": {        "verdict": "LIKELY_MALICIOUS",        "threatLevel": 0.75,        "confidence": 1      }    }  },  {    "source": "OSINT_LOOKUP",    "sourceIdentifier": "9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e",    "tag": {      "name": "khalesi",      "synonyms": [        "KPOT Stealer",        "kpot"      ],      "verdict": {        "verdict": "LIKELY_MALICIOUS",        "threatLevel": 0.75,        "confidence": 1      }    }  }]
Copy

Last updated on

Was this page helpful?

Email Notifications

This Website Uses Cookies

Functional Cookies

Performance Cookies

Strictly Necessary Cookies

Targeting Cookies