---
title: Cisco Secure Endpoint malicious file detected on multiple hosts
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Cisco Secure Endpoint malicious file
  detected on multiple hosts
---

# Cisco Secure Endpoint malicious file detected on multiple hosts

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1204-user-execution](https://attack.mitre.org/techniques/T1204) 
## Goal{% #goal %}

Detect when a malicious file is found on multiple hosts.

## Strategy{% #strategy %}

This rule monitors Cisco Secure Endpoint logs for detecting when a malicious file is found on multiple hosts.

## Triage and response{% #triage-and-response %}

1. Investigate the file, `{{@event.file.file_name}}`, to determine if the file is malicious.
1. Investigate host(s) (`{{@event.computer.hostname}}`) in which the malicious file has been detected.
1. Analyze the file activity pattern for the potential attack.
1. Implement immediate measures to block or limit the impact of the suspicious activity, if confirmed as a threat.
1. Follow company procedures for handling malicious files, including isolating the endpoint, running antivirus/antimalware scans, analyzing logs, and updating security policies.