targeted attack platform
April 24, 2024 · View on GitHub
Expression
product = "targeted attack platform"
Fields
| Field | Core | Detection | Informational |
|---|---|---|---|
| country | ✓ | ||
| query_id | ✓ | ||
| mime | ✓ | ||
| rule | ✓ | ||
| malware_score | ✓ | ||
| threat_id | ✓ | ||
| alert_type | ✓ | ||
| src_ip | ✓ | ||
| result | ✓ | ||
| protocol | ✓ | ||
| alert_id | ✓ | ||
| hash_md5 | ✓ | ||
| page_count | ✓ | ||
| direction | ✓ | ||
| creator | ✓ | ||
| phishing_score | ✓ | ||
| message_id | ✓ | ||
| num_recipients | ✓ | ||
| hash_sha256 | ✓ | ||
| auth_method | ✓ | ||
| return_path | ✓ | ||
| bytes | ✓ | ||
| dest_ip | ✓ | ||
| is_consolidated | ✓ | ||
| log_source | ✓ | ||
| malware_url | ✓ | ||
| spam_score | ✓ | ||
| category | ✓ | ||
| alert_name | ✓ |
Activity Types
| Activity Type | Field | Status | Core | Detection | Informational |
|---|---|---|---|---|---|
| email-receive | folder_name | Default | ✓ | ||
| email-send |