Jump to:navigation, search
Wiki

Whitelisting for Awareness Plus

From Securepoint Wiki





notempty
Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!

notempty
Der Artikel für die neueste Version steht hier

notempty
Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Beta-Version bezieht











































{{var | 1=URL-Filter--Menü | 2=Konfiguration in der Securepoint UTM unter {{{Menu-UTM|Anwendungen|Mailfilter|URL-Filter} | 3=Configuration in Securepoint UTM under { Applications Mailfilter  Area URL-Filter}




















Whitelisting for the simulated phishing emails of the Securepoint Awareness PLUS training course

Last adaption: 11.2024

New:
  • Updated to Redesign of the webinterface
  • Korrektur der URL zum Aufruf des Webinterfaces
notempty
This article refers to a Beta version
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 Applications Mailfilter  Area Filter rules


Whitelisting UTM

In order for the simulated phishing mails of the Securepoint Awareness PLUS training to reach the users, a whitelisting must be configured in the mail filter of the UTM.
Otherwise, the mails might be discarded by the UTM.


Filter rules

Configuration in Securepoint UTM under { Applications Mailfilter  Area Filter Rules button Add Rule

Caption Value Description Add Filter Rule UTMuser@firewall.name.fqdn Application Mail filter
Dialog
Rule name: AwarenessWhitelist Unique name
Connect criteria with and operator All criteria must apply
If an email is received:
and source host

is »203.0.113.113
 IP address from which to receive simulated phishing emails.
The specific IP address differs depending on the industry package and email templates chosen.
The IP address can be found in the Awareness Manager portal under SimulationWhitelisting in the Email Server section.
and header field

Fromis »absender@securepoint.awareness.domain
 Sender address of the simulated phishing mail
The specific sender address differs depending on the industry package and email templates chosen.
The sender addresses used can be found in the Awareness Manager portal under SimulationWhitelisting in the section Envelope sender addresses (technical senders)


notempty
New in the Wiki

and sender

ends with »@awareness.securepoint.de
 The sender address of the simulated phishing mail ends with this.
Perform action:
Accept email
 Lets the email pass
Save Saves the settings


URL Filter

Caption Value Description Add Rule UTMuser@firewall.name.fqdn Application Mail filter
Dialog
Add Rule https://simulierte.phishing.url Emails must not be blocked based on domains included in phishing links.
The specific domains differ depending on the industry package and email templates chosen.
The domains can be found in the Awareness Manager portal under SimulationWhitelisting in the List of domains used in phishing links section.
Tab Action By default new URLs are blocked.
The action must be changed to allow.
Deletes the url filter rule


Whitelisting Mailserver

It must be ensured that the mail server does not filter emails itself.
For this purpose, please adjust the configuration of your own mail filter accordingly.


Whitelisting with Microsoft 365

There is a separate Wiki article for whitelisting in Microsoft 365.

Retrieved from "https://wiki.securepoint.de/index.php?title=AWP/Whitelisting_11.2024&oldid=94572"