Check Point Harmony Email & Collaboration multiple spam emails from external sender

This rule is part of a beta feature. To learn more, contact Support.
checkpoint-harmony-email-and-collaboration

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1566-phishing

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detects when multiple spam emails are received from an external sender within a short period, which may indicate a spam campaign, potential phishing attempt, or an attempt to evade email filtering.

Strategy

This rule monitors inbound emails and raises an alert when multiple spam emails originate from an external sender, suggesting possible malicious intent or an improperly configured email system.

Triage and Response

  1. Review the sender email address {{@event.entity.entity_payload.from_email}} and analyze the spam emails.
  2. Move similar emails to the spam or junk folder to reduce further risk.
  3. If confirmed malicious, initiate the security incident response process.