Mimecast Alert: malicious URL clicked by user
Set up the mimecast integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
To detect and alert when an email contains a malicious URL, potentially indicating a phishing attempt or other security threat.
Strategy
This rule identifies emails transiting through the organization’s email gateway that contain URLs classified as malicious under a ttp definition {{@ttpDefinition}}
. These URLs may be part of phishing campaigns, malware distribution, or other malicious activities.
Triage and response
- Investigate the email source and content, focusing on the sender’s IP address:
{{@senderIPAddress}}
. - Check the URL against known threat databases and analyse the email for other indicators of compromise.
- Follow the organization’s incident response protocol, which may include:
- Isolating the email to prevent further spread.
- Notifying affected users and guiding them on how to proceed.
- Updating security filters to catch similar future attempts.