Versions Compared

Old Version 2

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following data is ingested into Devo:

Data source

Description

API endpoint

Devo table

Message

Metadata about email messages processed by the Agari service.

/v1/ep/messages

mail.agari.phishing_defense.messages

Policy events

Details on policy events triggered by the Agari service.

/v1/ep/policy_events

mail.agari.phishing_defense.policy_events

Configuration

In order to configure the Devo Agari Phishing Defense integration you need to:

...

For security purposes, the client_secret will not be displayed again, however, you can generate a new one whenever needed by following the steps above.

Running the collector

This collector is hosted by Devo. To start using it, get in touch with us.We use a piece of software called Collector Server to host and manage all our available collectors.

To enable the collector for a customer:

  1. In the Collector Server GUI, access the domain in which you want this instance to be created

  2. Click Add Collector and find Agari Phishing Defense - Integrations Factory.

  3. In the Version field, select the latest value.

  4. In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).

  5. In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.

  6. In the Parameters section, establish the Collector Parameters as follows below:

Editing the JSON configuration

Code Block
{
   "agari_phishing_defense": {
      "id": 111,
      "enabled": true,
      "requests_per_second": 5,
      "credentials": {
         "client_id": "<INSERT AGARI CLIENT ID>",
         "client_secret": "<INSERT AGARI CLIENT SECRET>"
      },
      "services": {
         "policies": {
            "request_period_in_seconds": 60,
         },
         "messages": {
            "request_period_in_seconds": 60,
         }
      }
   }
}
Info

All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the services object.

...

Change log

Release

Released on

Release type

Details

Recommendations

v1.2.0

Aug 29, 2023

Status
colourYellow
titleIMPROVEMENTS

Upgraded DCSDK from 1.1.4 to 1.9.2

  • Store lookup instances into DevoSender to avoid creation of new instances for the same lookup

  • Ensure service_config is a dict into templates

  • Ensure special characters are properly sent to the platform

  • Changed log level to some messages from info to debug

  • Changed some wrong log messages

  • Upgraded some internal dependencies

  • Changed queue passed to setup instance constructor

  • Added log traces for knowing the execution environment status (debug mode)

  • Fixes in the current puller template version

  • Improved log trace details when runtime exceptions happen

  • Refactored source code structure

  • New “templates” functionality

  • Functionality for detecting some system signals for starting the controlled stopping

  • Input objects sends again the internal messages to devo.collectors.out table

  • Upgraded DevoSDK to version 3.6.4 to fix a bug related to a connection loss with Devo

  • Refactored source code structure

  • Changed way of executing the controlled stopping

  • Minimized probabilities of suffering a DevoSDK bug related to “sender” to be null

  • Ability to validate collector setup and exit without pulling any data

  • Ability to store in the persistence the messages that couldn’t be sent after the collector stopped

  • Ability to send messages from the persistence when the collector starts and before the puller begins working

  • Ensure special characters are properly sent to the platform

  • Added a lock to enhance sender object

  • Added new class attrs to the setstate and getstate queue methods

  • Fix sending attribute value to the setstate and getstate queue methods

  • Added log traces when queues are full and have to wait

  • Added log traces of queues time waiting every minute in debug mode

  • Added method to calculate queue size in bytes

  • Block incoming events in queues when there are no space left

  • Send telemetry events to Devo platform

  • Upgraded internal Python dependency Redis to v4.5.4

  • Upgraded internal Python dependency DevoSDK to v5.1.3

  • Fixed obfuscation not working when messages are sent from templates

  • New method to figure out if a puller thread is stopping

  • Upgraded internal Python dependency DevoSDK to v5.0.6

  • Improved logging on messages/bytes sent to Devo platform

  • Fixed wrong bytes size calculation for queues

  • New functionality to count bytes sent to Devo Platform (shown in console log)

  • Upgraded internal Python dependency DevoSDK to v5.0.4

  • Fixed bug in persistence management process, related to persistence reset

  • Aligned source code typing to be aligned with Python 3.9.x

  • Inject environment property from user config

  • Obfuscation service can be now configured from user config and module definiton

  • Obfuscation service can now obfuscate items inside arrays

  • Ensure special characters are properly sent to the platform

  • Changed log level to some messages from info to debug

  • Changed some wrong log messages

  • Upgraded some internal dependencies

  • Changed queue passed to setup instance constructor

  • Upgrade internal dependencies

Recommended version

v1.1.0

Status
colourGreen
titleFEATURES
Status
colourYellow
titleVULNS

This release includes the following changes:

  • The resilience has been improved with a new feature that restart the collector when the Devo connections is lost and it cannot be recovered.

  • All critical and high vulnerabilities have been mitigated.

Recommended version