Product: ObserveIT
Use-Case: Phishing
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 2 | 1 | 4 | 2 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| dlp-email-alert-out | T1048 - Exfiltration Over Alternative Protocol ↳ EM-OD-A: Abnormal email domain for organization T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol ↳ EM-OD-A: Abnormal email domain for organization |
• EM-OD: Domains per organization |
| process-created | T1566 - Phishing ↳ A-Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder on this asset. T1566.001 - T1566.001 ↳ A-Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder on this asset. |