detecting-spearphishing-with-email-gateway

Featured

Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Detecting Spearphishing with Email Gateway ## Overview Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint, Mimecast, and Barracuda provide advanced detection capabilities including behavioral analysis, URL detonation, attachment sandboxing, and impersonation detection. This skill covers configuring these gateways to detect and block targeted phishing attacks. ## When to Use - When investigating security incidents that require detecting spearphishing with email gateway - When building detection rules or threat hunting queries for this domain - When SOC analysts need structured procedures for this analysis type - When validating security monitoring coverage for related attack techniques ## Prerequisites - Access to email security gateway admin console - Understanding of email flow architecture (MX records, transport rules) - Familiarity with SPF/DKIM/DMARC authentication - Knowledge of common spearphishing techniques and pretexts ## Key Concepts ### Spearphishing Characteristics - **Targeted recipients**: Specific individuals, often executives or finance staff - **Researched pretexts**: References to real projects, colleagues, or events - **Impersonation**: Spoofs trusted senders (CEO, vendor, partner) - **Low volume**: Few emails to avoid pattern-based detection - **Urgent tone**: Creates pressure to act quickly ### Gate...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-proofpoint-email-security-gateway

Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware, BEC, and spam before messages reach user inboxes.

12,642 Updated today
mukul975
AI & Automation Featured

hunting-for-spearphishing-indicators

Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.

12,642 Updated today
mukul975
AI & Automation Featured

conducting-spearphishing-simulation-campaign

Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access. Unlike broad phishing campaigns, spearphishing uses OSINT-derived intelligence to craf

12,642 Updated today
mukul975
AI & Automation Featured

conducting-phishing-incident-response

Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise, quarantining malicious messages across the organization, and remediating affected accounts. Covers email header analysis, URL/attachment sandboxing, and mailbox-wide purge operations. Activates for requests involving phishing response, email incident, credential phishing, spear phishing investigation, or phishing remediation.

12,642 Updated today
mukul975
AI & Automation Featured

investigating-phishing-email-incident

Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation, impacted user identification, and containment actions using SOC tools like Splunk, Microsoft Defender, and sandbox analysis platforms. Use when a reported phishing email requires full incident investigation to determine scope and impact.

12,642 Updated today
mukul975