AURL - Email contains URL(s) classified as inappropriate

Cortex XDR Analytics Alert Reference by Alert name

Product: Cortex XDR
Last date published: 2025-06-10
Category: Analytics Alert Reference
Index by: Alert name

Synopsis

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	3 Days
Required Data	Requires: Microsoft 365 Emails
Detection Modules	Email
Detector Tags
ATT&CK Tactic	Reconnaissance (TA0043) Initial Access (TA0001) Execution (TA0002)
ATT&CK Technique	Phishing for Information (T1598) Phishing (T1566) User Execution (T1204)
Severity	Informational

Description

An email with URL(s) classified by our systems as inappropriate has been detected.

Attacker's Goals

Trick the user into engaging with a URL(s), aiming to extract information/establish access to the network.

Investigative actions

Examine the sender's IP address and reputation.
Verify whether the sender's IP address has appeared in different log sources before, and if it is recognizable.
If the message contains attachments/links, scrutinize them for any suspicious indications.
Monitor further actions taken, such as file downloads or access to potentially malicious links.