Detects email forensics events containing one or more URLs whose domain has not been seen in the previous 14 days, which may indicate newly observed phishing infrastructure or suspicious delivery patterns.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Red Sift |
| ID | 8972b513-12a2-4b46-8263-3f091d88a8bc |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | InitialAccess |
| Techniques | T1566 |
| Required Connectors | RedSiftPush |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| RedSiftEmailForensics_CL | ✗ | ✓ | ✗ |