Cisco Secure Email Threat Defense high number of threat emails received by an internal user
Goal
Detects a high volume of threat emails received by an internal user.
Strategy
This rule monitors emails to detect a high number of threat emails received by an internal user. This includes mail received internally or mail received from outside the Microsoft 365 tenant.
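The counting logic described above, as an added example (not Datadog's or Cisco's rule definition): it counts threat-verdict messages per internal recipient in a sliding window. Only `toAddresses` comes from this page; the other field names, the verdict labels, the domain, the threshold and the window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: the rule's real threshold, window and verdict labels are not on this page.
THRESHOLD = 3
WINDOW = timedelta(minutes=10)
INTERNAL_DOMAINS = {"example.com"}  # hypothetical tenant domain
THREAT_VERDICTS = {"phishing", "malicious", "bec", "scam"}

def ev(mid, ts, to, verdict, direction="incoming"):
    # Builds one constructed log event; every field except toAddresses is a hypothetical name.
    return {"id": mid, "timestamp": f"2024-05-01T{ts}", "toAddresses": to,
            "verdict": verdict, "direction": direction}

EVENTS = [  # constructed sample data
    ev("m1", "09:00:00", ["alice@example.com"], "phishing"),
    ev("m2", "09:02:00", ["alice@example.com", "bob@example.com"], "malicious"),
    ev("m2", "09:02:00", ["alice@example.com"], "malicious"),        # duplicate log line
    ev("m3", "09:03:00", ["alice@example.com"], "neutral"),          # not a threat
    ev("m4", "09:05:00", ["Alice@example.com"], "bec", "internal"),  # sent inside the tenant
    ev("m5", "09:06:00", ["carol@partner.test"], "phishing"),        # external recipient
    ev("m6", "09:40:00", ["bob@example.com"], "scam"),
    ev("m7", "09:41:00", ["bob@example.com"], "phishing"),
]

def is_internal(address):
    return address.rsplit("@", 1)[-1].lower() in INTERNAL_DOMAINS

def detect(events, threshold=THRESHOLD, window=WINDOW):
    """Return {recipient: [message ids]} for internal users who received at
    least `threshold` threat emails within `window`."""
    recent = defaultdict(deque)  # recipient -> (timestamp, message id) pairs in the window
    seen = set()                 # (recipient, message id) pairs already counted
    alerts = {}
    for e in sorted(events, key=lambda x: x["timestamp"]):
        if e["verdict"].lower() not in THREAT_VERDICTS:
            continue
        ts = datetime.fromisoformat(e["timestamp"])
        # direction is not filtered: internal and inbound mail both count
        for rcpt in {a.lower() for a in e["toAddresses"]}:
            if not is_internal(rcpt) or (rcpt, e["id"]) in seen:
                continue
            seen.add((rcpt, e["id"]))
            q = recent[rcpt]
            q.append((ts, e["id"]))
            while ts - q[0][0] > window:  # drop messages older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts[rcpt] = [mid for _, mid in q]
    return alerts
```

Counting per recipient rather than per message keeps a single mail with many recipients from inflating one user's total, and deduplicating on message id keeps repeated log lines from doing the same.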
Triage and response
- Investigate threat emails received by user {{@toAddresses}}.
- Notify the receiver about the threat emails received, advising them not to interact with any suspicious content and providing guidance on reporting such incidents.
- Conduct a detailed analysis of the threat emails to identify the source, method of delivery, and any potential payloads.
- If sensitive information was compromised or if the threat emails constitute a significant incident, report to relevant authorities or regulatory bodies as required.