
Real-Time Email Data

Discover email-borne data relevant to your mission

Access real-time email data to identify Senders, IPs, Domains, Content and Threats specific to your analytics and mission. Build candidate set data feeds to power your own analytics and mission. Filter by 30+ message factors and regex. Receive machine-readable JSON in your S3 bucket or ARF reports in your intake mailbox.

Use Cases

  • A Government Agency monitors phishing attempts that abuse their brand and reputation
  • A threat researcher trains a malware engine based on MS Office-borne threats
  • A Market Intelligence firm monitors industry-specific email content
  • A Brand Protection Service monitors phishing attempts that abuse their customers’ brands
  • A TLD monitors spam and abuse coming from its domain
  • An enterprise monitors botnet IPs in order to track potential threats coming into its network 
  • A Partner detonates suspicious attachments to create a C2 feed

How It Works

Create Monitor Matching Criteria

Determine the matching values that elicit the desired email-based data set. Consider which values you would want to find in an email, for instance a keyword, IP address, TLD, or Sender Email Address. These are the selectors to find.

Choose Monitor Matching Filters

Filters determine where within the message transaction the Message Matching Criteria are applied. We parse each message received by our system and, at a high level, can apply selection criteria against the following types of attributes:

  • Message Headers (SMTP RFC Headers + ThreatWave Proprietary Attributes)
  • Message Body
  • Message Links (URIs)
  • Message Transaction Attributes (Origination IP address, etc.)
  • Email envelope From

Choose Monitor Delivery

There are two main ways to have data delivered:

  • Email Transfer: ARF or Email Redirect
  • File Transfer: Amazon S3 in 1-minute increments, JSON format