Sophos_Potential_Corporate_Privacy_Violation

ID: 100215

Description:

Sophos has detected a potential corporate privacy violation

Repository: Group: Sophos Type: event

Default Status:

Enabled

Tags:
Sophos

Selector:

Field	MUST hit
@tags	sophos
@sophos.classification	Potential Corporate Privacy Violation

Field	MUST NOT hit

Key	Type	Behavior Category
@sophos.src_ip	ip	security alert

Risks	Base Score	Dimension
ALERT_NORMAL	100	alert
Timeline	0	-

First Occurrence:

Name	Window	Fields
NewCountry	10 days	@sophos.src_country
	Risks:	ML_NEW_GEO_COUNTRY

User	Date
em*n@fluencysecurity.com	2021 Mar 23 02:11:58 EDT

This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)