Bitdefender unusual spike found in phishing events being generated for single URL

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects unusual spikes in phishing events being generated for a single URL.

Strategy

This rule monitors antiphishing logs to detect unusual spikes in phishing events being generated for a single URL.
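The page does not publish the rule's anomaly logic, so the following is an added example, not the rule's actual implementation: one way to flag a per-URL spike by comparing the latest time bucket against that URL's recent baseline, and to list the endpoints involved for triage. The event field names, bucket size, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

EPOCH = datetime(1970, 1, 1)
BUCKET = timedelta(minutes=5)  # assumed evaluation window
HISTORY = 5                    # assumed number of prior buckets used as baseline
MIN_EVENTS = 5                 # assumed floor so one or two hits never alert
SIGMA = 3.0                    # assumed deviation multiplier


def sample_events():
    """Constructed events; the field names are hypothetical, not Bitdefender's schema."""
    t0 = datetime(2024, 1, 1, 12, 0)
    ev = []
    for i in range(6):  # steady background: one hit per bucket, never spikes
        ev.append({"ts": t0 + i * BUCKET, "url": "http://a.example/login", "endpoint": "ws-01"})
    for i in range(5):  # quiet history for the URL that spikes later
        ev.append({"ts": t0 + i * BUCKET, "url": "http://b.example/reset", "endpoint": "ws-02"})
    for j in range(8):  # burst: 8 hits from 4 endpoints inside the sixth bucket
        ev.append({"ts": t0 + 5 * BUCKET + timedelta(seconds=20 * j),
                   "url": "http://b.example/reset", "endpoint": f"ws-{10 + j % 4}"})
    return ev


def find_spikes(events, now):
    """Return {url: {count, baseline, endpoints}} for URLs spiking in the bucket containing now."""
    latest = (now - EPOCH) // BUCKET
    counts = defaultdict(Counter)   # url -> bucket index -> event count
    endpoints = defaultdict(set)    # url -> endpoints seen in the latest bucket
    for e in events:
        b = (e["ts"] - EPOCH) // BUCKET
        counts[e["url"]][b] += 1
        if b == latest:
            endpoints[e["url"]].add(e["endpoint"])
    spikes = {}
    for url, per_bucket in counts.items():
        history = [per_bucket[latest - k] for k in range(1, HISTORY + 1)]  # empty buckets count as 0
        current = per_bucket[latest]
        baseline, spread = mean(history), pstdev(history)
        if current >= MIN_EVENTS and current > baseline + SIGMA * spread:
            spikes[url] = {"count": current, "baseline": baseline,
                           "endpoints": sorted(endpoints[url])}
    return spikes


if __name__ == "__main__":
    for url, info in find_spikes(sample_events(), datetime(2024, 1, 1, 12, 29)).items():
        print(url, info)
```

The returned endpoint list feeds the triage steps directly: many distinct endpoints hitting one URL suggests a campaign, while a burst from a single endpoint is more consistent with a script or compromised service.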

Triage and Response

  1. Investigate logs and identify endpoints where the phishing attempts occurred.
  2. Determine whether the phishing attempt was user-initiated or triggered by an automated script or compromised service.
  3. Review logs for systems or endpoints accessing the same URL to identify patterns of a broader phishing campaign.
  4. If necessary, block the URL at the network level.
  5. Notify impacted users about the phishing attempt and remind them not to interact with suspicious emails or links.