sublime, Exclusion
BullPhish ID phishing simulation
Identifies phishing simulations sent by BullPhish ID and excludes the message from live analysis.
Detection Query
type.inbound
and headers.mailer == "Bullphish"
and any(headers.domains, .root_domain == "bullphish.com")
and any(headers.ips, .ip == "34.237.252.20")
Data Sources
Email Messages, Email Headers, Email Attachments
Platforms
email
Raw Content
name: "BullPhish ID phishing simulation"
description: "Identifies phishing simulations sent by BullPhish ID and excludes the message from live analysis."
type: "exclusion"
source: |
  type.inbound
  and headers.mailer == "Bullphish"
  and any(headers.domains, .root_domain == "bullphish.com")
  and any(headers.ips, .ip == "34.237.252.20")