Mimecast Alert: phishing email detected

This rule is part of a beta feature. To learn more, contact Support.
mimecast

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1566-phishing

Set up the mimecast integration.

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when Mimecast identifies a phishing email.

Strategy

Targeted Threat Protection - Impersonation Protect tackles the increasing threat of socially engineered “whaling” attacks. This rule can used to detect an email which contains impersonation attempts that have been flagged as external and malicious with definition as phishing.

For more details: Click here

Triage and response

  1. Investigate the suspected phishing email, including sender information, email content, and any attachments.
  2. Verify whether sensitive information has been compromised and assess the impact.
  3. Apply appropriate remediation steps according to the company’s incident response policy, which may include:
    • Marking the email as phishing and reporting it to your security team.
    • Investgate sender: {{@senderAddress}} or blocking the sender’s email address.
    • Notifying potentially affected users and providing guidance on next steps.
    • Updating email filters and security measures to prevent similar attacks.
PREVIEWING: aliciascott/DOCS-9725-Cloudcraft