Agari Phishing Defense collector
Service description
Agari Phishing Defense is a cloud-based service that protects employees against phishing and Business Email Compromise (BEC) attacks.
The Devo Agari Phishing Defense integration collects data from the Agari API and ingests it into Devo where it is made available for analysts to query.
Data source description
The following data is ingested into Devo:
Data source | Description | API endpoint | Devo table |
---|---|---|---|
Message | Metadata about email messages processed by the Agari service. | | |
Policy events | Details on policy events triggered by the Agari service. | | |
Configuration
In order to configure the Devo Agari Phishing Defense integration you need to:
Log in to your Agari product.
Click on your username in the upper right and select Settings.
Click on the Generate API Secret link to generate an API client_id and client_secret (the link will read Regenerate API Secret if you have already generated an API client ID/secret previously).
Copy both the client_id and client_secret that are generated and store them somewhere safe.
Keep your client_id and client_secret secure.
API clients can use your client_id and client_secret to gain access to the APIs as your user. Keep these values somewhere safe and secure. Never share them with anyone.
For security purposes, the client_secret will not be displayed again. However, you can generate a new one whenever needed by following the steps above.
Running the collector
We use a piece of software called Collector Server to host and manage all our available collectors.
To enable the collector for a customer:
In the Collector Server GUI, access the domain in which you want this instance to be created
Click Add Collector and find Agari Phishing Defense - Integrations Factory.
In the Version field, select the latest value.
In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).
In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.
In the Parameters section, establish the Collector Parameters as follows below:
Editing the JSON configuration
{
  "agari_phishing_defense": {
    "id": 111,
    "enabled": true,
    "requests_per_second": 5,
    "credentials": {
      "client_id": "<INSERT AGARI CLIENT ID>",
      "client_secret": "<INSERT AGARI CLIENT SECRET>"
    },
    "services": {
      "policies": {
        "request_period_in_seconds": 60
      },
      "messages": {
        "request_period_in_seconds": 60
      }
    }
  }
}
All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the services object.
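A check you can run on the parameters before pasting them into Collector Server. This is an added example, not Devo's own code: the function name, the rule that request_period_in_seconds must be a positive integer, and the treatment of any <...> value as an unfilled placeholder are assumptions drawn from the sample configuration above. Problem messages name the offending key and never echo the credential values.

```python
import json

# Service names as they appear in the sample configuration on this page.
KNOWN_SERVICES = {"policies", "messages"}


def check_collector_config(text):
    """Return a list of problems; secret values are never echoed back."""
    try:
        cfg = json.loads(text)  # strict parser, so trailing commas are rejected
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    root = cfg.get("agari_phishing_defense") if isinstance(cfg, dict) else None
    if not isinstance(root, dict):
        return ["missing 'agari_phishing_defense' object"]
    problems = []
    creds = root.get("credentials")
    creds = creds if isinstance(creds, dict) else {}
    for key in ("client_id", "client_secret"):
        value = creds.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"credentials.{key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"credentials.{key} still holds the template placeholder")
    services = root.get("services")
    if not isinstance(services, dict):
        return problems + ["missing 'services' object"]
    for name, svc in services.items():
        if name not in KNOWN_SERVICES:
            problems.append(f"services.{name} is not one of {sorted(KNOWN_SERVICES)}")
        period = svc.get("request_period_in_seconds") if isinstance(svc, dict) else None
        # Assumed rule: a positive integer; the type() check also rejects booleans.
        if type(period) is not int or period <= 0:
            problems.append(f"services.{name}.request_period_in_seconds must be a positive integer")
    return problems


# Constructed sample: placeholder credentials and a trailing comma after 60.
SAMPLE = """{"agari_phishing_defense": {"id": 111, "enabled": true,
  "credentials": {"client_id": "<INSERT AGARI CLIENT ID>",
                  "client_secret": "<INSERT AGARI CLIENT SECRET>"},
  "services": {"messages": {"request_period_in_seconds": 60,}}}}"""

if __name__ == "__main__":
    for problem in check_collector_config(SAMPLE):
        print(problem)
```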
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| | IMPROVEMENTS | Upgraded DCSDK from 1.1.4 to 1.9.2 | |
| Jun 24, 2022 | FEATURES VULNS | This release includes the following changes: | |