Egress Defend - Dangerous Attachment Detected

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Defend has detected a user has a suspicious file type from a suspicious sender in their mailbox.

Attribute	Value
Type	Analytic Rule
Solution	Egress Defend
ID	a0e55dd4-8454-4396-91e6-f28fec3d2cab
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Execution, InitialAccess, Persistence, PrivilegeEscalation
Techniques	T1204, T0853, T0863, T1566, T1546, T1546
Required Connectors	EgressDefend
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
EgressDefend_CL 🔶	?	✓	?
KnowBe4Defend_CL 🔶	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Egress Defend