Brand Exploit Protect - The Dashboard

Updated

This guide describes the Brand Exploit Protect dashboard, including:

Brand Exploit Protect uses a dashboard to display all URLs related to your chosen domains that have been detected by us. The dashboard's data is continually updated as new information comes to light. By monitoring activity on the dashboard, you can take direct action to safeguard against counterfeit domains and websites that pose a threat to your company.

Your main domain content (HTML) is used to detect live attacks and impersonation attempts. If found, URLs are marked with a "Live Attack" status. The dashboard's statistics help to provide a high-level overview of:

  • The types of harmful URL threats your company is facing.
  • The trends in the threats you receive.

Accessing the Dashboard

To access the dashboard:

  1. Log in to Brand Exploit Protect.
  2. Click on Dashboard in the navigation pane.

The dashboard homepage is split into the following sections:

  • Detected URLs: This lists the URLs that are flagged as potentially harmful. Whilst the list displays URLs that have been detected, you can manually add up to 100 URLs that you deem malicious or harmful to your company. See the "Adding URL" section below for further details. A URL can have one of the following statuses:
Status Description
Not Suspicious When we start the onboarding process, we receive a whitelist of all the domains that your company owns. These domains are set to "Not Suspicious". Websites that are accessed and found to be legitimate and unrelated to your brand, are also marked as "Not Suspicious". URLs with the "Not Suspicious" tag aren't monitored to reduce the amount of noise, and provide you with the most relevant information.
Suspicious Our algorithm searches for similarities between your domain and other existing domains. The domains that were found similar are inserted into our dashboard, and automatically tagged as "Suspicious". We consider every URL we find as suspicious until proven otherwise. However, not all domains under the category of "Suspicious" are malicious. It just means that they're continuously monitored.
Live Attack A suspicious website becomes a "Live Attack" when the similarity between the site content of a website and your website bypasses a specific threshold. This usually happens when your logo and content are on the lookalike domain, or if it is similar to a previous attack you've experienced.
  • Historical Evaluation: This displays a chart of recent URL status activity. It allows you to monitor the status and trends in the types of URL threats your company receives. The color-coded graph reports the number of URLs and how they have been marked, according to status.
  • Detected URLs (Past Month): This displays a graphical summary of detected URLs in the past month by date and number.
  • TLD Distribution: This donut chart displays the number of top-level domains according to category.

Adding URLs

To add additional URLs: 

  1. Click on the + Add button.
  2. Enter the Full URL (e.g. http://www.example.com).
  3. Press the Enter key.
  4. Repeat Steps 2 and 3 for other domains.
  5. Click on the Add URLs button.

Filtering / Sorting the Dashboard

You can filter and sort the dashboard using icons above each column. These help you to focus on specific URLs listed on the dashboard.

Consider the following when filtering/sorting:

  • When a filter is applied, the column's filter icon turns orange.
  • You can filter more than one column.
  • An indication is displayed at the top of the dashboard of the filters applied.
 

Accessing a URL's Details

With the list of URLs displayed on the dashboard, you can display further details of a specific URL by either clicking on the URL or the ... icon at the end of the row. The URL's details are displayed in the following sections:

  • Content Info: Displays generic information about the URL, including the scan date, status, title, redirect URL, and username. Additionally, you can click on the:
    • Rescan button to refresh the URL's details. This is only available if the URL status is "Suspicious".
    • < or > arrows either side of the Scan Date field to display the results of other scans
    • </> HTML Code button to display any HTML added to the URL.
  • DNS: Displays DNS information including the PNS, NS, A, MX, and CNAME records.

Hover over any of these fields to display a  icon which when clicked copies the entries to your clipboard.

  • Mimecast Email & Web Security: This section allows you to generate security policies in your Mimecast account.

This section is only populated if your Mimecast account has email and web security services licensed on it.

Enable one or more of the following:

  • Block Sender Domain: Creates a Blocked Sender policy to stop all emails from the domain from reaching your Mimecast account. Click on the Block button in the confirmation dialog to confirm the policy's creation.
  • Block URL (Domain): Creates a Targeted Threat Protection Managed URL with the "Override Type " set to "Blocked" and the "Match Type" set to "Domain". This blocks both the chosen URL, and any others that exist that use the domain.
  • Block URL (Explicit): Creates a Targeted Threat Protection Managed URL with the "Override Type " set to "Blocked" and the "Match Type" set to "Explicit". This blocks the chosen URL, but not any others that exist that use the domain.

Taking Action on a URL

From either the dashboard or the URL Details, you can take action against a URL. The actions available is dependent on the URL's current status.

To take action on a URL:

  1. Click on the Action button.
  2. Select the required Action:
Action Description Available in Status
Mark as Suspicious The URL is marked as suspicious, but no attempt is made to take it down. Not Suspicious
Mark as Not Suspicious All new URLs are automatically marked as suspicious and are continually monitored for changes (e.g. content, DNS, or MX record changes). You can mark a URL as not suspicious at any time (e.g. if the domain belongs to you or a partner). Suspicious
Request Take Down

A request is made to take down the URL is sent to the host.

Takedowns are only available if the URL has content similar to yours, or has sent malicious messages to your customers. A misleading domain name without proof of phishing is usually insufficient evidence to successfully take a site down.

 Suspicious
Take Down Aborted
Taken Down
Fake Data Submitted

Exporting the Dashboard List

You can export the dashboard list to a .CSV file:

  1. Click on the Export button.
  2. Select either:
    • Entire List: This exports all the dashboard data regardless of what filters are applied.
    • With Filters: This exports only the dashboard data according to what filters are set.
  1. Click on the Export button. A notification is displayed when the file has been downloaded successfully. The file name is "export-replications-from-segasec@xxxxxxxxxxxxx".

See Also...

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.