Mimecast Alert: email contains malicious file

This rule is part of a beta feature. To learn more, contact Support.

Set up the Mimecast integration.

Goal

Detect an email which contains a malicious attachment.

Strategy

Targeted Threat Protection - Attachment Protection is an advanced service that protects customers from the growing risk of spear phishing and other targeted attacks using email attachments. This rule can be used to detect and strip attachments from inbound messages that could potentially contain malicious code, for example PDFs and Microsoft Office files.

Triage and response

  1. Inspect the email for sender information {{@senderAddress}} and review the action taken by Mimecast {{@actionTriggered}}.
  2. If the attachment was not blocked or removed, quarantine the email and conduct a thorough analysis of the attachment.
  3. Execute the company’s incident response protocol, which may include:
    • Notifying the intended recipient and warning against opening the attachment.
    • Scanning affected systems for malware.
    • Updating security filters to detect and block similar threats in the future.
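
The first two triage steps can be scripted over exported alert events. The sketch below is an added example, not part of the rule or of Mimecast's or the integration's own code. It assumes events arrive as JSON lines carrying the rule's `senderAddress` and `actionTriggered` fields. The `messageId` field, the sample events and the action strings treated as "blocked or removed" are constructed placeholders to replace with the values your tenant emits.

```python
import json
from collections import defaultdict

# Assumption: the actionTriggered strings that mean the attachment never
# reached the recipient. Replace with the values your Mimecast tenant emits.
CONTAINED_ACTIONS = frozenset({"blocked", "removed"})

# Constructed sample events (not real Mimecast output). senderAddress and
# actionTriggered are the rule's template variables; messageId is hypothetical.
SAMPLE_EVENTS = """\
{"messageId": "m-001", "senderAddress": "billing@vendor.example", "actionTriggered": "Blocked"}
{"messageId": "m-002", "senderAddress": "hr@partner.example", "actionTriggered": "none"}
{"messageId": "m-003", "senderAddress": "HR@partner.example", "actionTriggered": ""}
{"messageId": "m-004", "senderAddress": "it@corp.example"}
not-json
"""


def triage(raw_lines, contained=CONTAINED_ACTIONS):
    """Split alert events into those Mimecast contained and those that still
    need manual quarantine (step 2), grouped by sender for filter updates."""
    needs_quarantine = defaultdict(list)
    contained_ids, unparsed = [], []
    for line in raw_lines.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        sender = str(event.get("senderAddress", "unknown")).strip().lower()
        action = str(event.get("actionTriggered") or "").strip().lower()
        # Fail closed: a missing or unrecognised action counts as not contained.
        if action in contained:
            contained_ids.append(event.get("messageId"))
        else:
            needs_quarantine[sender].append(event.get("messageId"))
    return dict(needs_quarantine), contained_ids, unparsed


if __name__ == "__main__":
    pending, done, bad = triage(SAMPLE_EVENTS)
    for sender, ids in sorted(pending.items()):
        print(f"quarantine and analyse: {sender} -> {ids}")
    print(f"already contained: {done}; unparsed lines: {len(bad)}")
```
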