Hi
How can I detect suspicious links and files that have been sent outside of my domain?
Hi Mai9,
Here are some suggestions:
Please find an example SIEM rule below:
ALERT WHEN email_sent TO external_domain
  AND (
    url_in_email MATCHES threat_intel_url_list
    OR url_in_email HAS reputation_score > threshold
    OR attachment_in_email MATCHES threat_intel_file_hash_list
    OR attachment_in_email HAS reputation_score > threshold
    OR attachment_in_email MATCHES risky_file_type
  )
By carefully designing your SIEM alerts, you can create a proactive defense against suspicious emails and protect your organization from potential threats.
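The pseudo-rule in the answer above can be expressed as a small detection function that a SIEM or mail-gateway pipeline could run over outbound mail events. The script below is an added example and is not code from the answer's author; the internal domain, indicator lists, reputation lookups, threshold and sample events are all constructed placeholders, and it assumes (like the rule) that a higher reputation score means a riskier URL or file.

```python
"""Evaluate outbound e-mail events against the SIEM rule logic sketched above.

All indicator lists, reputation lookups and sample events are constructed
placeholders for illustration, not real threat intelligence.
"""
import os

INTERNAL_DOMAINS = {"corp.example"}                            # constructed: our own domain(s)
THREAT_INTEL_URLS = {"http://phish.example.invalid/login"}     # constructed IoC URL list
THREAT_INTEL_HASHES = {"0" * 64}                               # constructed placeholder SHA-256
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso"}
REPUTATION_THRESHOLD = 70   # assumption: higher score = riskier, so "> threshold" alerts

# Constructed stand-ins for a URL / file reputation service lookup.
URL_REPUTATION = {"http://newly-registered.example.invalid/doc": 85}
FILE_REPUTATION = {"1" * 64: 90}


def is_external(recipient: str) -> bool:
    """True when the recipient's domain is not one of ours (or a subdomain of ours)."""
    domain = recipient.rsplit("@", 1)[-1].lower().strip(">")
    return not any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def evaluate_email(event: dict) -> list:
    """Return the rule clauses that fired for one outbound e-mail event.

    event = {"sender": str, "recipients": [str], "urls": [str],
             "attachments": [{"name": str, "sha256": str}]}
    An empty list means the rule would not alert.
    """
    # email_sent TO external_domain: only mail leaving the domain is in scope
    if not any(is_external(r) for r in event.get("recipients", [])):
        return []

    reasons = []
    for url in event.get("urls", []):
        if url in THREAT_INTEL_URLS:                       # MATCHES threat_intel_url_list
            reasons.append(f"url_in_threat_intel:{url}")
        elif URL_REPUTATION.get(url, 0) > REPUTATION_THRESHOLD:   # HAS reputation_score > threshold
            reasons.append(f"url_reputation:{url}")

    for att in event.get("attachments", []):
        name = att.get("name", "")
        sha = att.get("sha256", "").lower()
        ext = os.path.splitext(name)[1].lower()
        if sha in THREAT_INTEL_HASHES:                     # MATCHES threat_intel_file_hash_list
            reasons.append(f"hash_in_threat_intel:{name}")
        elif FILE_REPUTATION.get(sha, 0) > REPUTATION_THRESHOLD:  # HAS reputation_score > threshold
            reasons.append(f"file_reputation:{name}")
        if ext in RISKY_EXTENSIONS:                        # MATCHES risky_file_type
            reasons.append(f"risky_file_type:{name}")

    return reasons


# Constructed sample events: one internal-only mail, one clearly bad, one benign.
SAMPLE_EVENTS = [
    {"sender": "alice@corp.example", "recipients": ["bob@corp.example"],
     "urls": ["http://phish.example.invalid/login"], "attachments": []},
    {"sender": "alice@corp.example", "recipients": ["partner@other.example"],
     "urls": ["http://phish.example.invalid/login"],
     "attachments": [{"name": "invoice.pdf.exe", "sha256": "0" * 64}]},
    {"sender": "alice@corp.example", "recipients": ["partner@other.example"],
     "urls": ["https://docs.example/report"],
     "attachments": [{"name": "report.pdf", "sha256": "a" * 64}]},
]


def run(events=SAMPLE_EVENTS) -> list:
    """Evaluate each event; return (index, reasons) for the ones that would alert."""
    return [(i, r) for i, e in enumerate(events) if (r := evaluate_email(e))]


if __name__ == "__main__":
    for i, reasons in run():
        print(f"ALERT event[{i}]: {', '.join(reasons)}")
```

Only the second sample event alerts, and it does so on three clauses at once (known-bad URL, known-bad hash, risky extension); the internal-only mail is skipped before any indicator lookup, which keeps the rule from firing on normal internal traffic. The reasons list is what you would want to carry into the alert payload so an analyst can see which clause matched.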