---
title: >-
  Cisco Secure Email Threat Defense unusual spike found for emails having
  `Domain brand impersonation` detection technique
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Cisco Secure Email Threat Defense
  unusual spike found for emails having `Domain brand impersonation` detection
  technique
---

# Cisco Secure Email Threat Defense unusual spike found for emails having `Domain brand impersonation` detection technique

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1566-phishing](https://attack.mitre.org/techniques/T1566) 
## Goal{% #goal %}

Detects email when unusual spike occur in emails for `Domain brand impersonation` detection technique.

## Strategy{% #strategy %}

This rule monitors emails to detect unusual spike in email events for `Domain brand impersonation` detection technique.

## Triage and response{% #triage-and-response %}

1. Investigate emails with `Domain brand impersonation` detection technique.
1. Identify the domains being impersonated and the potential impact on your organization. This detection technique have severity `{{@verdict.techniques.severity}}`.
1. Take required actions according to company policy to block these impersonated domains.
1. Evaluate whether any sensitive information or credentials might have been compromised.
1. Notify users within your organization about the domain brand impersonation incidents.