sublime, Exclusion

Cofense PhishMe phishing simulation

Identifies phishing simulations sent by Cofense PhishMe and excludes the message from live analysis.

Detection Query

type.inbound
and any(headers.ips,
  .ip in (
    "13.113.166.58",
    "35.182.57.68",
    "52.1.96.230",
    "52.20.128.29",
    "52.20.155.14",
    "52.28.182.143",
    "52.28.252.18",
    "52.29.24.224",
    "52.29.5.79",
    "52.5.119.169",
    "52.62.59.61",
  )
)

Data Sources

Email Messages, Email Headers, Email Attachments

Platforms

email

Raw Content

name: "Cofense PhishMe phishing simulation"
description: "Identifies phishing simulations sent by Cofense PhishMe and excludes the message from live analysis."
type: "exclusion"
source: |
  type.inbound
  and any(headers.ips,
    .ip in (
      "13.113.166.58",
      "35.182.57.68",
      "52.1.96.230",
      "52.20.128.29",
      "52.20.155.14",
      "52.28.182.143",
      "52.28.252.18",
      "52.29.24.224",
      "52.29.5.79",
      "52.5.119.169",
      "52.62.59.61",
    )
  )