Email Watchlist
The Email Watchlist detector collects and normalizes email events from third-party data sources. Each event is converted into an alert and assigned a severity and confidence based on the activity observed. The integrations currently handled by the Email Watchlist detector are listed under Input(s) below.
Examples of threat actor techniques that use email as an attack vector include:
- Phishing
- Malware attachments
- Malicious URLs
Email Watchlist Detector
Input(s)
Proofpoint, Mimecast
Schema
Input Field(s)
| Field |
|---|
| sensor_type |
| status |
| threats.classification |
Outputs
Alerts pushed to the Secureworks® Taegis™ XDR Alert Database and XDR Dashboard.
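As an added illustration (not Secureworks code), a small normalizer that maps constructed Proofpoint- and Mimecast-style events onto the three input schema fields above and assigns a severity and confidence from the threat classification; the raw payload shapes, the severity/confidence values and the handling of blocked messages are all assumptions made for this example.

```python
"""Toy normalizer: vendor email-security events -> watchlist-style alert.
The raw vendor field names below are constructed for this example and do
not reproduce the real Proofpoint or Mimecast API formats."""
from dataclasses import dataclass

# Assumed severity/confidence per threat classification (illustrative only).
SEVERITY_MAP = {
    "phish":   ("high",   0.9),
    "malware": ("high",   0.85),
    "url":     ("medium", 0.7),
}
DEFAULT_SEVERITY = ("low", 0.3)


@dataclass(frozen=True)
class Alert:
    sensor_type: str
    status: str
    classification: str
    severity: str
    confidence: float


def normalize(raw: dict) -> dict:
    """Map a constructed vendor payload onto the detector's input fields:
    sensor_type, status, threats.classification."""
    if raw.get("vendor") == "proofpoint":
        # constructed shape: {"vendor": "proofpoint", "status": "delivered",
        #                     "threatsInfo": [{"classification": "Phish"}]}
        threats = raw.get("threatsInfo") or [{}]
        classification = threats[0].get("classification") or "unknown"
        return {"sensor_type": "proofpoint",
                "status": raw.get("status", "unknown"),
                "threats.classification": classification.lower()}
    if raw.get("vendor") == "mimecast":
        # constructed shape: {"vendor": "mimecast", "action": "blocked",
        #                     "threat": {"type": "URL"}}
        classification = (raw.get("threat") or {}).get("type") or "unknown"
        return {"sensor_type": "mimecast",
                "status": raw.get("action", "unknown"),
                "threats.classification": classification.lower()}
    raise ValueError(f"unsupported vendor: {raw.get('vendor')!r}")


def build_alert(raw: dict) -> Alert:
    """Turn one normalized event into an alert with severity and confidence."""
    ev = normalize(raw)
    cls = ev["threats.classification"]
    severity, confidence = SEVERITY_MAP.get(cls, DEFAULT_SEVERITY)
    # Assumption: a message the gateway already blocked never reached a user,
    # so confidence that anyone was exposed is halved.
    if ev["status"] == "blocked":
        confidence = round(confidence * 0.5, 2)
    return Alert(ev["sensor_type"], ev["status"], cls, severity, confidence)
```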
MITRE ATT&CK Category
- MITRE Enterprise ATT&CK - Lateral Movement - Internal Spearphishing. For more information, see MITRE Technique T1534.
- MITRE Enterprise ATT&CK - Initial Access - Phishing. For more information, see MITRE Technique T1566.
- MITRE Enterprise ATT&CK - Reconnaissance - Phishing for Information. For more information, see MITRE Technique T1598.
Configuration Options
None
Detector Requirements