Email with file-sharing link containing auto-download parameter

Cortex XSIAM Analytics Alert Reference by Alert name

Product: Cortex XSIAM
Last date published: 2025-11-12
Category: Analytics Alert Reference
Index by: Alert name

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

N/A (single event)

Deduplication Period

1 Day

Required Data

  • Requires:
    • Microsoft 365 Emails

Detection Modules

Email

Detector Tags

Malicious URLs

ATT&CK Tactic

ATT&CK Technique

Severity

Informational

Description

The email contains a link to a file-sharing service that includes parameters likely to trigger automatic download.

Attacker's Goals

The attacker may be attempting to deliver malware or exfiltrate data using auto-download file-sharing links.

Investigative actions

  • Analyze the linked file(s) to determine if they pose any security risk.
  • Check the sender's communication history within the organization.
  • Analyze the file reputation using sandbox or threat intelligence sources.
  • Verify whether similar links were sent to other users.
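
To illustrate the condition in the Description and the last investigative action, here is an added example (not Cortex XSIAM's detection logic) that flags file-sharing URLs carrying a download-forcing query parameter and groups the recipients who received the same link. The rule table, function names and sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed rule table: service domain -> {query parameter: values that force a download}.
RULES = {
    "dropbox.com": {"dl": {"1"}},
    "drive.google.com": {"export": {"download"}},
    "sharepoint.com": {"download": {"1"}},
}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def auto_download_param(url):
    """Return (service, parameter, value) when the URL matches a rule, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for service, params in RULES.items():
        # Exact host or true subdomain only, so look-alike hosts do not match.
        if host != service and not host.endswith("." + service):
            continue
        # parse_qs keeps repeated parameters, so "dl=0&dl=1" is still caught.
        for name, values in parse_qs(parts.query).items():
            wanted = params.get(name.lower(), set())
            for value in values:
                if value.lower() in wanted:
                    return (service, name.lower(), value.lower())
    return None

def flag_messages(messages):
    """Map each flagged URL to the sorted list of recipients who received it."""
    hits = {}
    for msg in messages:
        for url in URL_RE.findall(msg["body"]):
            url = url.rstrip(".,;)")  # drop trailing sentence punctuation
            if auto_download_param(url):
                hits.setdefault(url, set()).add(msg["recipient"])
    return {url: sorted(rcpts) for url, rcpts in hits.items()}

# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    {"recipient": "alice@corp.example", "body": "Invoice: https://www.dropbox.com/s/EXAMPLE/invoice.zip?dl=1."},
    {"recipient": "bob@corp.example", "body": "See https://www.dropbox.com/s/EXAMPLE/invoice.zip?dl=1"},
    {"recipient": "carol@corp.example", "body": "Preview https://www.dropbox.com/s/EXAMPLE/notes.pdf?dl=0"},
    {"recipient": "dave@corp.example", "body": "https://dropbox.com.files.example/s/EXAMPLE/a.zip?dl=1"},
]

if __name__ == "__main__":
    for url, recipients in flag_messages(SAMPLE_MESSAGES).items():
        print(url, recipients)
```

A URL flagged for more than one recipient is a starting point for checking how widely the link was distributed.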

Variations

External email with file-sharing link containing auto-download parameter

Synopsis

ATT&CK Tactic

ATT&CK Technique

Severity

Low

Description

The email contains a link to a file-sharing service that includes parameters likely to trigger automatic download.

Attacker's Goals

The attacker may be attempting to deliver malware or exfiltrate data using auto-download file-sharing links.

Investigative actions

  • Analyze the linked file(s) to determine if they pose any security risk.
  • Check the sender's communication history within the organization.
  • Analyze the file reputation using sandbox or threat intelligence sources.
  • Verify whether similar links were sent to other users.