Analytics Alerts
Browse the Cortex analytics alert reference.
1 alert match the current filters. tactic: TA0002 ✕ technique: T1564 ✕
Show ATT&CK heatmapEmail containing a redirected link Informational Email 1 variation
An email with a redirected link has been detected.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 1 Day
ATT&CK tactics: Defense Evasion (TA0005) Execution (TA0002)ATT&CK techniques: Hide Artifacts (T1564) User Execution (T1204)Required data: Microsoft 365 EmailsDetector tags: Malicious URLsAttacker's goals: Attackers can use link redirection to disguise malicious URLs.Investigative actions: Carefully analyze the full redirection chain. Be cautious with this process, as clicking on links can pose security risks. Use URL reputation services to check if the final destination or any of the intermediate URLs are known to be malicious or associated with phishing. If the message contains attachments or links, scrutinize them for any suspicious indications. Monitor further actions taken, such as file downloads or access to potentially malicious links.Variations
Email containing a redirected link with multiple redirections
Informational overridden
An email with a redirected link has been detected.The email contains at least one redirected link with multiple redirection patterns, which is concerning as it can obscure malicious URLs and evade security filters. overridden