Cisco Secure Email Threat Defense unusual spike found for emails having `Rare sender domain` detection technique

This rule is part of a beta feature. To learn more, contact Support.
cisco-secure-email-threat-defense

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1566-phishing

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detects emails when there is a unusual spike in emails having Rare sender domain detection technique.

Strategy

This rule monitors emails to detect spike in emails with Rare sender domain detection technique.

Triage and response

  1. Investigate emails metadata that are: sender, receiver, sender domain to further evaluate the impact.
  2. Determine the severity - {{@verdict.techniques.severity}} of the threat based emails and the potential impact on the organization.
  3. Block these domains according to company policy if required.
  4. Analyse if any sensitive data has been shared with these rare sender domain emails.
PREVIEWING: dgreen15/github-error-fix