Link Search Menu Expand Document

Sophos_Potential_Corporate_Privacy_Violation

ID: 100215

Description:

Sophos has detected a potential corporate privacy violation

Repository: Group: Sophos Type: event

Default Status:

Enabled

Tags:
Sophos
 

Selector:

Query:

Filters:

Field MUST hit
@tags sophos
@sophos.classification Potential Corporate Privacy Violation
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
@sophos.src_ip ip security alert

Risks:

Risks Base Score Dimension
ALERT_NORMAL 100 alert
Timeline 0 -

Attributes:

Alias Key
Message @sophos.message
DestIP @sophos.dst_ip
SrcIP @sophos.src_ip
DestPort @sophos.dst_port
SrcPort @sophos.src_port
Classification @sophos.classification
Country @sophos.src_country

Correlation Rules:

First Occurrence:

Name Window Fields
NewCountry 10 days @sophos.src_country
  Risks: ML_NEW_GEO_COUNTRY

History:

User Date
em*n@fluencysecurity.com 2021 Mar 23 02:11:58 EDT

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)