Document toolboxDocument toolbox

Agari Phishing Defense collector

Service description

Agari Phishing defense is a cloud-based service that protects employees against phishing and Business Email Compromise (BEC) attacks.

The Devo Agari Phishing Defense integration collects data from the Agari API and ingests it into Devo where it is made available for analysts to query.

Data source description

The following data is ingested into Devo:

Data source

Description

API endpoint

Devo table

Data source

Description

API endpoint

Devo table

Message

Metadata about email messages processed by the Agari service.

/v1/ep/messages

mail.agari.phishing_defense.messages

Policy events

Details on policy events triggered by the Agari service.

/v1/ep/policy_events

mail.agari.phishing_defense.policy_events

Configuration

In order to configure the Devo Agari Phishing Defense integration you need to:

  1. Log in to your Agari product.

  2. Click on your username in the upper right and select Settings.

  3. Click on the Generate API Secret link to generate an API client_id and client_secret (the link will read Regenerate API Secret if you have already generated an API client ID/secret previously).

  4. Copy both the client_id and client_secret that are generated and store them somewhere safe.

Keep your client_id and client_secret secure.

API clients can use your client_id and client_secret to gain access to the APIs as your user. Keep these values somewhere safe and secure. Never share them with anyone.

For security purposes, the client_secret will not be displayed again, however, you can generate a new one whenever needed by following the steps above.

Running the collector

This collector is hosted by Devo. To start using it, get in touch with us.