EMAIL BETA - Potentially malicious attachment(s) spotted in an email

Cortex XSIAM Analytics Alert Reference by Alert name

Product

Cortex XSIAM

Last date published

2025-04-07

Activation Period	14 Days
Training Period	30 Days
Test Period	10 Minutes
Deduplication Period	1 Day
Required Data	Requires:
Detection Modules	Email
Detector Tags
ATT&CK Tactic	Initial Access (TA0001) Execution (TA0002)
ATT&CK Technique	Phishing (T1566) User Execution (T1204)
Severity	Medium

Multiple factors potentially indicating a problem with an email's attachment(s) have been spotted.

Cause the user to run a malicious file, potentially compromising the user's account/workstation.

Analyze the attachment(s) in a secure sandbox environment to detect possible malware or phishing attempts.
Assess the email's context and attack techniques to determine the potential risk.
Engage potentially affected users to understand if any actions were taken in response to these emails, which could increase the overall risk.
Document and escalate findings in case this is a broader phenomenon.

ATT&CK Tactic

ATT&CK Technique

Severity

High

Multiple factors potentially indicating a problem with an email's attachment(s) have been spotted.

Cause the user to run a malicious file, potentially compromising the user's account/workstation.

Analyze the attachment(s) in a secure sandbox environment to detect possible malware or phishing attempts.
Assess the email's context and attack techniques to determine the potential risk.
Engage potentially affected users to understand if any actions were taken in response to these emails, which could increase the overall risk.
Document and escalate findings in case this is a broader phenomenon.