LoFP
/
gsuite
gsuite rule
Title
Tags
network admin and normal user may send this file attachment as part of their day to day work. having a good protocol in attaching this file type to an e-mail may reduce the risk of having a spear phishing attack.
t1048
t1048.003
t1566
t1566.001
gsuite
splunk
network admin or normal user may share files to customer and external team.
t1567
t1567.002
gsuite
splunk
normal email contains this link that are known application within the organization or network can be catched by this detection.
t1566
t1566.001
gsuite
splunk
normal user or normal transaction may contain the subject and file type attachment that this detection try to search.
t1566
t1566.001
gsuite
splunk
this search will also produce normal activity statistics. fields such as email, ip address, name, parameters.organizer_calendar_id, parameters.target_calendar_id and parameters.event_title may give away phishing intent.for more specific results use email parameter.
t1566
gsuite
splunk
LoFP
/
gsuite