Cisco Secure Email Threat Defense unusual spike found for emails having `Domain brand impersonation` detection technique

This rule is part of a beta feature. To learn more, contact Support.
cisco-secure-email-threat-defense

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1566-phishing

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detects email when unusual spike occur in emails for Domain brand impersonation detection technique.

Strategy

This rule monitors emails to detect unusual spike in email events for Domain brand impersonation detection technique.

Triage and response

  1. Investigate emails with Domain brand impersonation detection technique.
  2. Identify the domains being impersonated and the potential impact on your organization. This detection technique have severity {{@verdict.techniques.severity}}.
  3. Take required actions according to company policy to block these impersonated domains.
  4. Evaluate whether any sensitive information or credentials might have been compromised.
  5. Notify users within your organization about the domain brand impersonation incidents.
PREVIEWING: dgreen15/github-error-fix