Check Point Harmony Email & Collaboration malicious URL clicked by user
Goal
Detects instances where a user clicks on a malicious URL within an email (for example, Office 365 Mail, or Gmail) or a collaboration platform (for example, Google Drive, SharePoint, or Microsoft Teams). This may indicate a phishing attempt, malware delivery, or an attempt to steal user credentials.
Strategy
This rule monitors user activity related to URL clicks and raises an alert when a malicious URL is accessed by the same user, suggesting potential exposure to a security threat.
Triage and Response
- Review the user email address {{@event.security_event.saas_info.saas_actor_payload.email}} and the platform involved {{@saas_name}}, and verify the source of the malicious URL.
- Analyze if the URL is associated with known phishing campaigns, malware distribution, or credential theft.
- If the URL is confirmed to be malicious, initiate remediation actions such as blocking the domain, revoking access tokens, and scanning the user’s device for potential compromise.
- Notify the user and provide security awareness guidance to prevent future incidents.