EMAIL BETA - Email contains potentially malicious attachments that are not blocked by default

Cortex XSIAM Analytics Alert Reference by Alert name

Product: Cortex XSIAM
Last date published: 2025-04-07
Category: Analytics Alert Reference
Index by: Alert name

Synopsis

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	1 Day
Required Data	Requires one of the following data sources: Gmail Email Log OR Office 365 Mail
Detection Modules	Email
Detector Tags
ATT&CK Tactic	Execution (TA0002) Initial Access (TA0001)
ATT&CK Technique	Exploitation for Client Execution (T1203) Phishing (T1566)
Severity	Informational

Description

Identified file extensions that are not blocked by default in G-Suite or O365, that may be malicious.

Attacker's Goals

Deploy malicious attachments through emails to compromise systems or gain unauthorized access.

Investigative actions

Check the file types and investigate the legitimacy of files intended to be sent via email.
Scrutinize the attachments for any suspicious indications.