Acronis - Multiple Endpoints Accessing Malicious URLs

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Multiple endpoints accessing malicious URLs could indicate an ongoing phishing attack, with several employees interacting with those URLs.

Attribute Value
Type Analytic Rule
Solution Acronis Cyber Protect Cloud
ID 1385f0ce-69d9-4abf-8039-52080c8c7017
Severity Medium
Kind Scheduled
Tactics Execution
Techniques T1204.001
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
CommonSecurityLog DeviceEventClassID == "MaliciousUrlDetected"
DeviceVendor == "Acronis"		 ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to Acronis Cyber Protect Cloud