Check Point Harmony Email & Collaboration multiple spam emails from external sender
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detects when multiple spam emails are received from an external sender within a short period, which may indicate a spam campaign, potential phishing attempt, or an attempt to evade email filtering.
Strategy
This rule monitors inbound emails and raises an alert when multiple spam emails originate from an external sender, suggesting possible malicious intent or an improperly configured email system.
Triage and Response
- Review the sender email address
{{@event.entity.entity_payload.from_email}} and analyze the spam emails. - Move similar emails to the spam or junk folder to reduce further risk.
- If confirmed malicious, initiate the security incident response process.
