Welcome to SecOpsHub @Ken! My name is Josh Rickard and I'm a Security Research Engineer with Swimlane. You definitely came to the right place - I have extensive experience with automating phishing response.
Before I dive in, I have a couple questions:
- Are you trying to automate the remediation of reported phishing messages?
- Automate the detection of phishing messages?
- Or something else?
If you have a list of messages that you want to remove from users' mailboxes, or if you just want to search users' mailboxes (if you're using Exchange), you can use a new open-source Python package we just released for this!
This new package is called py-ews and can be installed using pip. You can find the documentation for this here: https://py-ews.readthedocs.io/en/latest/
This package will allow you to identify all mailboxes you have rights to search, search them, and remove the messages from the users' inboxes.
The biggest thing when it comes to phishing is having a way for users to report messages that they find suspicious. The next is to extract some information that you can block at your firewall or another appliance/product. The next thing is to extract details about who the hosting provider of a phishing link is and send automated take-down notices, or gather that domain's whois information and correlate it against other messages that have been reported or identified as malicious.
Honestly, you can take several avenues here, but the biggest is having a way to take a reported message and remove it from other people's mailboxes that may have received the same message. This is where py-ews comes in. If you need any help or run into any issues, let me know!
I hope this helps. If you have further questions or can provide a bit more detail about your goals, I can provide more detailed information.
Thanks, and again, welcome to SecOpsHub!
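An added worked example of the reported-message workflow this post describes (this is not the post author's code and it is not py-ews itself): it parses a constructed reported message with Python's standard email module, pulls out the sender, Message-ID, subject and link hostnames that would feed firewall blocks and whois lookups, then previews and removes matching copies across a set of mailboxes. The MailStore class, the sample mailboxes and the REPORTED_EML message are hypothetical stand-ins for the Exchange calls and data so the example runs offline; in a real deployment those three methods would be backed by the EWS client.

```python
"""Reported-phish workflow: pull indicators from one reported message, find
copies in every mailbox we may search, and remove them. The Exchange side
(list searchable mailboxes, search, delete) is a hypothetical in-memory stub."""
import re
from dataclasses import dataclass, field
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


@dataclass(frozen=True)
class Indicators:
    message_id: str
    sender: str             # full sender address, lower-cased
    sender_domain: str
    subject: str
    url_domains: frozenset  # link hostnames to block, whois and correlate


def extract_indicators(raw: bytes) -> Indicators:
    """Parse a reported message (raw RFC 5322 bytes) into the fields used to
    search other mailboxes and to feed blocks at the firewall or proxy."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    hosts = {urlparse(u.rstrip(".,)")).hostname for u in URL_RE.findall(text)}
    return Indicators(
        message_id=(msg.get("Message-ID") or "").strip(),
        sender=sender,
        sender_domain=sender.rsplit("@", 1)[-1] if "@" in sender else "",
        subject=(msg.get("Subject") or "").strip(),
        url_domains=frozenset(h.lower() for h in hosts if h),
    )


@dataclass
class MailStore:
    """Hypothetical stand-in for the EWS client. `mailboxes` maps a mailbox
    address to its messages: dicts with item_id, message_id, sender, subject."""
    mailboxes: dict
    deleted: list = field(default_factory=list)

    def searchable_mailboxes(self):
        return sorted(self.mailboxes)

    def search(self, mailbox, ind):
        # Message-ID is the precise match (one copy fanned out to many recipients);
        # exact sender+subject also catches variants that rotate the ID.
        return [m for m in self.mailboxes[mailbox]
                if (ind.message_id and m["message_id"] == ind.message_id)
                or (m["sender"].lower() == ind.sender and m["subject"] == ind.subject)]

    def delete(self, mailbox, item_id):
        kept = [m for m in self.mailboxes[mailbox] if m["item_id"] != item_id]
        if len(kept) < len(self.mailboxes[mailbox]):
            self.deleted.append((mailbox, item_id))
        self.mailboxes[mailbox] = kept


def remediate(store, ind, dry_run=True):
    """Return {mailbox: [item_ids]} matching the indicators in every searchable
    mailbox. dry_run=True removes nothing; review, then re-run with dry_run=False."""
    found = {}
    for mailbox in store.searchable_mailboxes():
        hits = [m["item_id"] for m in store.search(mailbox, ind)]
        if hits:
            found[mailbox] = hits
            if not dry_run:
                for item_id in hits:
                    store.delete(mailbox, item_id)
    return found


# Constructed sample data: one reported message and three mailboxes.
REPORTED_EML = b"""From: "Payroll" <billing@pay-roll-updates.example>
Subject: Action required: payroll update
Message-ID: <c0ffee.1@pay-roll-updates.example>
Content-Type: text/plain; charset="utf-8"

Confirm your payroll profile: https://pay-roll-updates.example/login?u=ken
"""


def _msg(item_id, message_id, sender, subject):
    return {"item_id": item_id, "message_id": message_id, "sender": sender, "subject": subject}


def sample_store():
    return MailStore(mailboxes={
        "alice@corp.example": [  # exact copy of the reported message, plus a legit mail
            _msg("A1", "<c0ffee.1@pay-roll-updates.example>", "billing@pay-roll-updates.example", "Action required: payroll update"),
            _msg("A2", "<ok.77@vendor.example>", "invoices@vendor.example", "Invoice 4471")],
        "bob@corp.example": [  # same campaign, rotated Message-ID, mixed-case sender
            _msg("B1", "<c0ffee.2@pay-roll-updates.example>", "Billing@pay-roll-updates.example", "Action required: payroll update")],
        "carol@corp.example": [  # same domain, different sender and subject: left alone
            _msg("C1", "<c0ffee.3@pay-roll-updates.example>", "news@pay-roll-updates.example", "Newsletter")],
    })


if __name__ == "__main__":
    ind, store = extract_indicators(REPORTED_EML), sample_store()
    print("block:", sorted(ind.url_domains | {ind.sender_domain}))
    print("preview:", remediate(store, ind, dry_run=True))
    print("removed:", remediate(store, ind, dry_run=False))
```

Run with dry_run=True first and review the preview before deleting: the Message-ID match is precise, while the sender-plus-subject fallback widens coverage to campaign variants and is the part to check for false positives before removal.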