---
title: >-
  Bitdefender unusual spike found in phishing events being generated for single
  URL
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Bitdefender unusual spike found in
  phishing events being generated for single URL
---

# Bitdefender unusual spike found in phishing events being generated for single URL

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1566-phishing](https://attack.mitre.org/techniques/T1566) 
## Goal{% #goal %}

Detects unusual spikes in phishing events being generated for a single URL.

## Strategy{% #strategy %}

This rule monitors antiphishing logs to detect unusual spikes in phishing events being generated for a single URL.

## Triage and Response{% #triage-and-response %}

1. Investigate logs and identify endpoints where the phishing attempts occurred.
1. Validate if the phishing attempt was user-initiated or triggered by an automated script or compromised service.
1. Review logs for systems or endpoints accessing the same URL to identify patterns of a broader phishing campaign.
1. If necessary, block the URL at the network level.
1. Notify impacted users about the phishing attempt and remind them not to interact with suspicious emails or links.