ProofPoint_Malware_Threat
ID: 100189
Description:
A malware threat has been detected by Proofpoint.
Repository:
Group: Proofpoint
Type: event
Default Status:
Enabled
| Tags: | 
|---|
| Proofpoint | 
Selector:
Query:
Filters:
| Field | MUST hit | 
|---|---|
| @source | proofpoint | 
| @proofpoint.data.threatsInfoMap.classification | malware | 
| Field | MUST NOT hit | 
|---|---|
| @proofpoint.type | MessagesBlocked | 
Behavior Rule:
| Key | Type | Behavior Category | 
|---|---|---|
| @proofpoint.data.recipient | username | security alert | 
Risks:
| Risks | Base Score | Dimension | 
|---|---|---|
| ALERT_MALWARE | 800 | alert | 
| ALERT_HIGH_CONFIDENCE | 2000 | alert | 
Attributes:
| Alias | Key | 
|---|---|
| QuarantineFolder | @proofpoint.data.quarantineFolder | 
| Cluster | @proofpoint.data.cluster | 
| ThreatType | @proofpoint.data.threatsInfoMap.threatType | 
| ThreatURL | @proofpoint.data.threatsInfoMap.threatUrl | 
| Username | @proofpoint.data.recipient | 
| Type | @proofpoint.type | 
| Subject | @proofpoint.data.subject | 
Correlation Rules:
First Occurrence:
| Name | Window | Fields | 
|---|---|---|
| NewUser | 10 days | @proofpoint.data.recipient | 

Risks: ML_NEW_USER
History:
| User | Date | 
|---|---|
| em*n@fluencysecurity.com | 2021 Mar 2 03:01:00 EST | 
| em*n@fluencysecurity.com | 2021 Mar 2 09:44:41 EST | 
| ho*d@fluencysecurity.com | 2021 Mar 2 18:50:07 EST | 
| em*n@fluencysecurity.com | 2021 Mar 3 09:06:23 EST | 
| em*n@fluencysecurity.com | 2021 Mar 3 09:44:02 EST | 
| em*n@fluencysecurity.com | 2021 Mar 10 03:13:29 EST | 
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)