---
title: Supply Chain Firewall Package Reported
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Datadog Security > OOTB Rules > Supply Chain Firewall Package Reported
---

# Supply Chain Firewall Package Reported
Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1195-supply-chain-compromise](https://attack.mitre.org/techniques/T1195) 
## Goal{% #goal %}

The {{@scfw_report.ecosystem}} package {{@scfw_report.package}}@{{@scfw_report.version}} has been {{#is_match "case_name" "Package allowed"}}installed{{/is_match}}{{#is_match "case_name" "Package blocked"}}blocked{{/is_match}} by Supply Chain Firewall.

## Triage and Response{% #triage-and-response %}

Any logs detected by this rule are for package manager commands that were allowed or blocked from running.

- Examine the logs to determine which package has been scanned by Supply-Chain Firewall.
- Investigate the context in which the command was executed.

{{#is_match "case_name" "Package blocked"}}

### Blocked Package{% #blocked-package %}

The package was **blocked** from being installed. Determine whether this was a true positive or a false positive:

- **False positive**: This can occur when a benign package hosted internally in your enterprise has the same name as a malicious package hosted on the public registry.
- **True positive**: Audit other endpoints in your environment for completed installations of the packages of concern. {{/is_match}}
