Inoitsu

README

Inoitsu-analyzer

This analyzer helps you investigate suspicious emails received from known or unknown senders by checking whether the sender's email address has been compromised.

No API key required.

If the email address is compromised, the analyzer returns:
- Total breaches
- Most recent breach
- Breached data
- Critical data
- Exposure rating: the comparative data exposure and risk rating assigned to this email address.

Testing Inoitsu analyzer (Cortex)

First, enable the analyzer.

[Image: enable analyzer]

Navigate to Analyzers, then run the Inoitsu analyzer.

[Image: run analyzer]

Test the Inoitsu analyzer on a compromised email address.

[Image: report]

Test the Inoitsu analyzer on an uncompromised email address.

[Image: uncompromised]

Testing Inoitsu analyzer (TheHive)

In the observables section, add the email addresses to test.

Then select the emails that you want to analyze, select Inoitsu and click on Run selected analyzers.

[Image: thehive iocs]

[Image: response]

To view the report of the compromised email, click on Inoitsu:Compromised="True"

[Image: analyzer report]

To view the report of the uncompromised email, click on Inoitsu:Compromised="False"

[Image: analyzer report 2]
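As an added example (not the analyzer's own code), the following Python shows how a short-report label such as Inoitsu:Compromised="True" can be derived from a full report and used to triage several observables. The report field names, the level mapping and the sample data are assumptions constructed for illustration.

```python
# Added example, not the analyzer's own code. Field names in the sample
# reports and the level mapping are assumptions; all data is constructed.
VALID_LEVELS = ("info", "safe", "suspicious", "malicious")


def build_taxonomy(level, namespace, predicate, value):
    """Build one short-report entry (level, namespace, predicate, value)."""
    if level not in VALID_LEVELS:
        level = "info"
    return {"level": level, "namespace": namespace,
            "predicate": predicate, "value": str(value)}


def summarize(report):
    """Map a full report to the label TheHive shows on the observable."""
    leaked = report.get("compromised")
    if not isinstance(leaked, bool):
        # Lookup failed or field missing: never report the address as clean.
        return [build_taxonomy("info", "Inoitsu", "Compromised", "Unknown")]
    level = "suspicious" if leaked else "safe"
    return [build_taxonomy(level, "Inoitsu", "Compromised", leaked)]


def label(taxonomy):
    """Render an entry the way the page shows it."""
    return '{namespace}:{predicate}="{value}"'.format(**taxonomy)


def triage(reports):
    """Return compromised addresses, highest breach count first."""
    hits = [(r.get("total_breaches", 0), email)
            for email, r in reports.items() if r.get("compromised") is True]
    return [email for _, email in sorted(hits, key=lambda h: (-h[0], h[1]))]


# Constructed sample reports keyed by observable (hypothetical field names).
SAMPLE = {
    "alice@example.com": {"compromised": True, "total_breaches": 3,
                          "critical_data": ["Passwords"]},
    "bob@example.com": {"compromised": False},
    "carol@example.com": {"compromised": True, "total_breaches": 7},
    "dave@example.com": {"error": "lookup failed"},
}

if __name__ == "__main__":
    for email, rep in SAMPLE.items():
        print(email, [label(t) for t in summarize(rep)])
    print("follow up:", triage(SAMPLE))
```

A failed lookup is labelled "Unknown" rather than "False", so an observable is never shown as clean when the check did not complete.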

Inoitsu

Author: Abdelkader Ben Ali
License: MIT
Version: 1.0
Supported observable types:
- mail
Registration required: False
Subscription required: False
Free subscription: True
Third party service: https://www.hotsheet.com/inoitsu/

Description

Query Inoitsu for a compromised email address.

Configuration

No specific configuration required.

Template samples for TheHive

Inoitsu long report sample

Inoitsu mini report sample