Email Notifications
It is possible to get email notifications about completed scan reports. This can also be done selectively for reports with specific verdicts.
Please use your SMTP server credentials when configuring the following properties in /home/sandbox/sandbox/broker.cfg:
x
############################## Email Notification settings## Note: use '--test-email' CLI to test the smtp settings#############################smtpServer=smtpPort=465smtpUser=smtpPass=smtpUseSSL=truesmtpUseStartTLS=falsesmtpDebugEnabled=true# Note: set this to true, if the email notification feature should be turned onnotifyEmailsEnabled=true# Note: specify a list of emails separated by comma (e.g. "analyst1@domain.com,analyst2@domain.com")notifyEmails=notifyEmailsIgnoreDomains=# Note: use 'ALL' to notify on any verdictnotifyEmailsOnVerdicts=LIKELY_MALICIOUS,MALICIOUS# Note: if enabled, whenever a report is generated for a msg/eml/rfc822 file, the "to" address is notified in addition to 'notifyEmails'notifyEmailSenderOfEmailFiles=falsenotifyEmailReceiverOfEmailFiles=falsenotifyEmailsDefaultSender=noreply@mydomain.com# Note: if enabled, whenever a report is generated for a msg/eml/rfc822 file, the "from" header will be set to the original sendernotifyEmailsUseOriginalSender=false# Note: the following placeholder may be used: $SHA-256# e.g. notifyEmailsIncludeUrlInAlert=https://www.filescan.io/search-result?query=$SHA-256notifyEmailsIncludeUrlInAlert=This is an excerpt from an example email notification about a likely malicious scan report:
From: <noreply@filescan.io>Subject: [FSIO] Completed analysis for 'pafish.exe' (Task ID: 5f709158-c08f-4fb9-a43f-597873aedef2): { "verdict": "LIKELY_MALICIOUS", "threatLevel": 0.75, "confidence": 1 }---------------------------- Analysis Overview ----------------------------fsBroker version: 1.1.0-2f62d72SHA-256: 9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98eSubmit ID: d6809fa3-e226-4484-b07b-1f68ba259a46Task ID: 5f709158-c08f-4fb9-a43f-597873aedef2Date: 2023-10-291 07:52+0000291submitName: pafish.exemediaType:{ "string": "application/x-msdownload; format\u003dpe32", "slash": 11, "semicolon": 24, "parameters": { "format": "pe32" }}---------------------------- Report Overview ----------------------------overallState:"SUCCESS"finalVerdict:{ "verdict": "LIKELY_MALICIOUS", "threatLevel": 0.75, "confidence": 1}allTags:[ { "source": "YARA_RULE", "sourceIdentifier": "9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e", "isRootTag": false, "tag": { "name": "anti-vm", "synonyms": [], "descriptions": [], "verdict": { "verdict": "UNKNOWN", "threatLevel": 0, "confidence": 1 } } }, { "source": "OSINT_LOOKUP", "sourceIdentifier": "9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e", "tag": { "name": "hlux", "synonyms": [], "descriptions": [], "verdict": { "verdict": "LIKELY_MALICIOUS", "threatLevel": 0.75, "confidence": 1 } } }, { "source": "OSINT_LOOKUP", "sourceIdentifier": "9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e", "tag": { "name": "khalesi", "synonyms": [ "KPOT Stealer", "kpot" ], "verdict": { "verdict": "LIKELY_MALICIOUS", "threatLevel": 0.75, "confidence": 1 } } }]Was this page helpful?
