This query looks for users with suspicious spikes in the number of files accessed that relate to topics commonly accessed as part of Business Email Compromise (BEC) attacks. The query looks for access to files in storage that relate to topics such as invoices or payments, and then looks for users accessing these files in significantly higher numbers than in the previous 14 days. Incidents raised by this analytic should be investigated to see if the user accessing these files should be accessing
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Business Email Compromise - Financial Fraud |
| ID | cd8d946d-10a4-40a9-bac1-6d0a6c847d65 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Collection |
| Techniques | T1530 |
| Source | View on GitHub |