Box malicious file detected

This rule is part of a beta feature. To learn more, contact Support.
box

Classification:

attack

Tactic:

TA0002-execution

Technique:

T1204-user-execution

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detects when Box identifies a file containing malware, indicating a potential threat to users or shared content.

Strategy

Monitor security events where a file uploaded to Box is flagged as malicious to prevent distribution of infected content.

Triage and Response

  1. Review the user {{@usr.email}} who uploaded the malicious file.
  2. Note the file name {{@source.item_name}} to assess its context, location, and sharing status.
  3. Quarantine or delete the malicious file and notify involved users.
  4. Review user activity and scan associated files for additional threats.