Importing delivr.to Results into VECTR


This section outlines the steps required to import delivr.to results into VECTR:

  • Navigate to the Campaign Details portal for the campaign you intend to import into VECTR and click Download JSON.

Campaign Details

cd delivrto_vectr_import/
python3 -m pip install -r requirements.txt
  • Populate the vectr.env file with all required information for your VECTR instance, including API key (guidance available here).
API_KEY="GYJBXXXXXXXXXXXXXXXX:XXXXXXXX/XXXXXXXXXX"
VECTR_GQL_URL="https://vectr.local:8081/sra-purpletools-rest/graphql"
TARGET_DB="DELIVRTO"

# This should match the org name in VECTR that you want to use for created content
ORG_NAME="DELIVRTO"

ASSESSMENT_NAME = "THREAT INTEL"
CAMPAIGN_NAME = "Links and Attachments"
  • Execute the tool, specifying the delivr.to JSON results path (optionally use the --step flag to process each delivr.to email one-by-one).
python3 delivrto_vectr_import.py --path emails-in-campaign-summary.json --step

                    *.
               .*****.....
           **********..........
       **************..............
     ,,,.......................... ..
     ,,,,,,, ........................
     ,,,,,,,,,,,......... ...........
     ,,,,,,,,,,,,,,,,................   delivr.to VECTR results importer 
     ,,,,,,,,,,,,,,,,................
     ,,,,,,,,,,,,,,,,................   https://delivr.to
     ,,,,,,,,,,,,,,,,................
       ,,,,,,,,,,,,,,..............
           .,,,,,,,,,..........
                ,,,,,......
                    ,.


[*] 48 emails to be processed.

[*] Initialising VECTR API:
  - Assessment Name: THREAT INTEL
  - Target DB: DELIVRTO
  - Using existing assessment with ID: ffbebbe9-3e81-4c03-a602-cfd67641a069
  - Created campaign with ID: d2923568-9ec7-4101-921e-37b18cc0f620

[*] Process file 'CVE_2022_41091_lnk_zip.zip' sent as attachment? [Y/n]
[*] Process file 'August_020822_9702_pdf.zip' sent as link? [Y/n]
[*] Process file 'Overdue#8500.html' sent as attachment? [Y/n]
[*] Process file 'calc_dde.csv' sent as link? [Y/n]
...

[+] Completed results import to VECTR.
[+] 48 emails processed.
  • Navigate to the specified assessment in VECTR to view the results.

VECTR results

  • Viewing a given test case, all click information, delivery status, as well as any rules flagged by integrations will be present in the details! You’ll also find a reference to the original payload in the test case References field.

VECTR detailed test case