Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 2 Hours |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | Email |
| Detector Tags | |
| ATT&CK Tactic | Initial Access (TA0001) |
| ATT&CK Technique | Phishing (T1566) |
| Severity | Medium |
Description
The email carries multiple distinct risk indicators whose accumulation correlates with an imminent threat; the variations below fire when three, four, or five distinct indicators are present in a single message.
Attacker's Goals
Trick recipients into revealing sensitive information, gain a foothold in the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata (From, Reply-To, Return-Path, the Received chain, and Authentication-Results) to identify spoofing techniques or unusual routing patterns.
- Detonate any URLs or attachments in an isolated sandbox environment to detect malware or credential-phishing pages; do not open them on a production host.
- Correlate findings with recent alerts in the SIEM to assess whether the same sender, infrastructure, or lure is accumulating across other mailboxes.
- Engage potentially affected users to establish whether they clicked a link, replied, entered credentials, or opened an attachment in response to this email, since any such action raises the overall risk.
- Document and escalate findings if the accumulation of indicators suggests a broader phishing campaign.
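The following script is an added illustration of how "distinct risk indicators" accumulate on one message and how the count maps onto the three thresholds listed under Variations; it is not the detector's own logic and is not code from this page. The indicator names (`auth_fail`, `reply_to_mismatch`, `display_name_spoof`, and so on), the heuristics behind each, and the two sample messages are all assumptions chosen to exercise the header-review and attachment-review steps above. Only the three-, four-, and five-indicator thresholds come from the page.

```python
# Added illustration, not the detector's own logic: the indicator names, the
# heuristics and the threshold mapping are assumptions; both messages are constructed.
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample that trips several indicators at once (not a real capture).
SUSPICIOUS_EML = b"""Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mail-relay.example.net;
 dkim=none; dmarc=fail header.from=corp-example.co
From: "finance@corp.example" <f1nance@corp-example.co>
Reply-To: payments@webmail-free.example
Subject: URGENT: wire transfer required today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please process the attached invoice immediately and confirm at http://203.0.113.55/login/confirm
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

--b1--
"""

# Constructed internal notification that should trip nothing.
BENIGN_EML = b"""Return-Path: <alerts@corp.example>
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass header.from=corp.example
From: Alerts <alerts@corp.example>
Subject: Weekly report
Content-Type: text/plain; charset="utf-8"

The weekly report is at https://intranet.corp.example/reports/week-23
"""

URGENCY_WORDS = ("urgent", "immediately", "wire transfer", "today", "verify your account")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".hta", ".vbs", ".lnk", ".iso")
URL_HOST_RE = re.compile(r"https?://([^\s/<>\"']+)", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
ADDR_IN_NAME_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")
# The page's three variations, keyed by the distinct-indicator count that triggers each.
VARIATIONS = {3: "three", 4: "four", 5: "five"}


def domain_of(header_value):
    """Lowercase domain of the first address in a header value ('' if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def risk_indicators(raw):
    """Return the set of distinct indicator names that fire for a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    from_domain = domain_of(msg["From"])

    # Authentication failures reported by the receiving MX (SPF, DKIM, DMARC).
    auth = str(msg.get("Authentication-Results", ""))
    if any(v.lower() in ("fail", "softfail", "permerror")
           for _, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I)):
        hits.add("auth_fail")

    # Envelope sender or Reply-To steering replies to a domain other than the From domain.
    if domain_of(msg["Return-Path"]) not in ("", from_domain):
        hits.add("return_path_mismatch")
    if domain_of(msg["Reply-To"]) not in ("", from_domain):
        hits.add("reply_to_mismatch")

    # Display name that embeds an address whose domain differs from the real sender domain.
    display_name, _ = parseaddr(str(msg["From"] or ""))
    m = ADDR_IN_NAME_RE.search(display_name)
    if m and m.group(1).lower() != from_domain:
        hits.add("display_name_spoof")

    # Urgency lure: two or more pressure phrases across subject and body.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    text = f"{msg['Subject']}\n{body}".lower()
    if sum(phrase in text for phrase in URGENCY_WORDS) >= 2:
        hits.add("urgency_lure")

    # Links to a bare IP literal or to a host outside the sender's domain.
    for host in URL_HOST_RE.findall(body):
        host = host.rpartition("@")[2].partition(":")[0].lower()
        if IPV4_RE.match(host):
            hits.add("url_ip_literal")
        elif from_domain and not host.endswith(from_domain):
            hits.add("url_foreign_host")

    # Attachments with an executable or double extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS) or name.count(".") >= 2:
            hits.add("risky_attachment")
    return hits


def variations_triggered(hits):
    """Page variations ("three", "four", "five") whose threshold the indicator count reaches."""
    return [name for n, name in sorted(VARIATIONS.items()) if len(hits) >= n]
```

Running `risk_indicators(SUSPICIOUS_EML)` yields seven distinct indicators, so all three variations would fire; the benign notification yields none. The point of counting distinct indicator names rather than raw matches is that one message with three pressure phrases still contributes a single `urgency_lure`, which is what keeps the thresholds meaningful.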
Variations
EMAIL BETA - At least five risk indicators detected in email
Description
An email has been flagged for containing five or more distinct risk indicators.
Attacker's Goals
Trick recipients into revealing sensitive information, gain a foothold in the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata (From, Reply-To, Return-Path, the Received chain, and Authentication-Results) to identify spoofing techniques or unusual routing patterns.
- Detonate any URLs or attachments in an isolated sandbox environment to detect malware or credential-phishing pages; do not open them on a production host.
- Correlate findings with recent alerts in the SIEM to assess whether the same sender, infrastructure, or lure is accumulating across other mailboxes.
- Engage potentially affected users to establish whether they clicked a link, replied, entered credentials, or opened an attachment in response to this email, since any such action raises the overall risk.
- Document and escalate findings if the accumulation of indicators suggests a broader phishing campaign.
EMAIL BETA - At least four risk indicators detected in email
Description
An email has been flagged for containing four or more distinct risk indicators.
Attacker's Goals
Trick recipients into revealing sensitive information, gain a foothold in the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata (From, Reply-To, Return-Path, the Received chain, and Authentication-Results) to identify spoofing techniques or unusual routing patterns.
- Detonate any URLs or attachments in an isolated sandbox environment to detect malware or credential-phishing pages; do not open them on a production host.
- Correlate findings with recent alerts in the SIEM to assess whether the same sender, infrastructure, or lure is accumulating across other mailboxes.
- Engage potentially affected users to establish whether they clicked a link, replied, entered credentials, or opened an attachment in response to this email, since any such action raises the overall risk.
- Document and escalate findings if the accumulation of indicators suggests a broader phishing campaign.
EMAIL BETA - At least three risk indicators detected in email
Description
An email has been flagged for containing three or more distinct risk indicators.
Attacker's Goals
Trick recipients into revealing sensitive information, gain a foothold in the organization, or obtain money through deception.
Investigative actions
- Review the email headers and metadata (From, Reply-To, Return-Path, the Received chain, and Authentication-Results) to identify spoofing techniques or unusual routing patterns.
- Detonate any URLs or attachments in an isolated sandbox environment to detect malware or credential-phishing pages; do not open them on a production host.
- Correlate findings with recent alerts in the SIEM to assess whether the same sender, infrastructure, or lure is accumulating across other mailboxes.
- Engage potentially affected users to establish whether they clicked a link, replied, entered credentials, or opened an attachment in response to this email, since any such action raises the overall risk.
- Document and escalate findings if the accumulation of indicators suggests a broader phishing campaign.