
Malware & Phishing Detection

To configure Javelin's malware and phishing detection capabilities, you will need to enable the checkphish_processor.

Configuration Options

Make sure to add the checkphish_processor in the Javelin Response Chain under Processors (Gateway level). You can also enable the processor at the Route level under the Route configuration.

Settings

Javelin continually checks for malware and phishing links, URLs and domains. The detection data is updated in real time every minute and is based on the latest threat intelligence feeds. Special integration with Javelin Cloud is required to enable this processor. Identified links and domains are quarantined. Please contact the Javelin team for more information.

Processor Telemetry

Processor telemetry is always enabled by default and is passed back to the calling client application under a "javelin" JSON object in the response. For example, you will see a response similar to the following when phishing and malware URLs are found:

    "request.chain.checkphish_processor_20240916074544.028397518": {
        "duration": "11.73112ms",
        "found_phishing_urls": "true",
        "found_malware_urls": "true",
        ...
    },

This telemetry is also available in the Javelin Chronicle for detailed analysis and tracking of sensitive data violations. You can browse to the Route configuration section of the Javelin WebApp to view the telemetry data for each request.
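
An added example (not Javelin's own code): a client-side check that reads the checkphish telemetry out of a response and reports which flags were raised. It assumes the processor entries sit directly under the top-level "javelin" object; the helper names and the sample response are constructed for illustration.

```python
import json

# Key prefix as shown in the telemetry sample above; the suffix is a
# per-request timestamp, so entries are matched by prefix, not equality.
CHECKPHISH_PREFIX = "request.chain.checkphish_processor_"
FLAGS = ("found_phishing_urls", "found_malware_urls")


def _is_true(value):
    """The page shows flags as the string "true"; accept a JSON boolean too."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def checkphish_findings(response_body):
    """Return which checkphish flags were raised in a response body.

    Assumption: processor entries sit directly under the top-level "javelin"
    object; adjust the lookup if your gateway nests them differently.
    """
    doc = json.loads(response_body)
    javelin = doc.get("javelin") if isinstance(doc, dict) else None
    raised, seen = set(), False
    if isinstance(javelin, dict):
        for key, entry in javelin.items():
            if key.startswith(CHECKPHISH_PREFIX) and isinstance(entry, dict):
                seen = True
                raised.update(f for f in FLAGS if _is_true(entry.get(f)))
    # telemetry_present=False means "processor did not report", which a
    # caller should not treat as a clean result.
    return {"telemetry_present": seen, "flags": sorted(raised)}


# Constructed sample response (not captured from a real gateway).
SAMPLE = json.dumps({
    "javelin": {
        "request.chain.checkphish_processor_20240916074544.028397518": {
            "duration": "11.73112ms",
            "found_phishing_urls": "true",
            "found_malware_urls": "false",
        }
    },
})

if __name__ == "__main__":
    print(checkphish_findings(SAMPLE))
```

Distinguishing a missing processor entry from a clean result lets the client fail closed when the processor was not in the chain for that route.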

Security Metrics

The Malware/Phishing processor is designed to provide security metrics for specific security filters. Any matches are captured as metrics and telemetry and presented in the Analytics and Security dashboards on the Javelin console.