Check Point Harmony Email & Collaboration malware attachments in email received by user

This rule is part of a beta feature. To learn more, contact Support.
checkpoint-harmony-email-and-collaboration

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1036-masquerading

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detects when emails containing malware attachments are received from an external sender, which may indicate a malware distribution campaign or a compromised sender attempting to spread malicious payloads.

Strategy

This rule monitors inbound emails and raises an alert when emails with malware attachments originate from an external sender, suggesting a targeted attack or widespread malware distribution.

Triage and Response

  1. Review the sender email address {{@event.entity.entity_payload.from_email}} and analyze the malware attachments.
  2. Quarantine or delete the detected emails to prevent users from opening malicious attachments.
  3. Notify affected users and begin a security incident response process to investigate engagement with attachment and endpoint activity.