Email Sources
Intel Exchange allows you to integrate email accounts into the dashboard. This dashboard locates the mailbox of a client and views the emails they share. When an email is received, you can view it in the Threat Mailbox. The application also allows you to create STIX packages based on the email reports directly from the Threat Mailbox.
Feature availability matrix
Intel Exchange Enterprise | Intel Exchange Lite | Intel Exchange Spoke |
|---|---|---|
Yes | No | No |
Add an Email Source
Add an email source to create STIX packages based on the email reports directly from the Threat Mailbox.
Before you Start
Ensure that you have View Feed Source, Create Feed Source, and Update Feed Source permissions.
Steps
To add an email account to the email feed source, follow these steps:
Go to Administration > Integration Management, and select Email under FEED SOURCES.
Click Add Email Source.
Enter a unique client name within 50 characters to identify the account for the emails received. For example, Cyware Threat Mailbox.
Select an account type from the drop-down. You can choose from IMAP, POP3, and EWS.
Specifying account types instructs the email configuration to access the email server with the selected protocol.
The selected account type protocol should be configured for the email account from the domain as well. The port number automatically appears as you select the account type. For more information, see Configure Threat Mailbox in CTIX using OAuth authentication for EWS.
Select SSL Encrypted to verify and secure the connection between the Intel Exchange and email servers.
If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection. It is recommended to select this option.
Enter the email address or username to integrate it into Threat Mailbox. For example, john.doe@sampledomain.com.
Enter the password for the email authentication.
Enter a domain for the email account. This allows the Threat Mailbox to use the exact domain for the emails with the specified account type and port. For example, sampledomain.com.
To parse IOCs only from the title and the description of an email, select Parse IOCs only from visible content.
HTML tags in the email are not considered while parsing.
Click Save and Continue.
After you click Save and Continue, all the emails you receive on the entered email address appear in Threat Mailbox. By default, it displays your email address. Intel Exchange prompts you to configure the optional Advanced Settings. To configure these settings,see Configure Advanced Settings.
Manage Email Sources
You can perform the following activities after adding an email source.
Edit: Click the vertical ellipsis of an email source and select Edit to edit the configurations of the email source, such as account type and related port, updated password, add or remove any domains, and more.
Delete: Click the vertical ellipsis of an email source and select Delete to delete the email account and revoke access to the account's emails.
Search: Click Search or filter results to filter the email accounts by the created date range and status of the account.
Enable/Disable: Turn on or turn off the toggle switch to enable or disable the account. If you disable an account, you will not receive any emails from the selected account.