Traffic to infected domains
Alert Purpose
This alert should be triggered on detecting malicious domains (BlackListDomains).
Data Sources Needed
- web access events
Description
- Rule1 - EventID = “event id for web access events” AND “Accessed domain field” isinList @BlackListDomains
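The logic of Rule1, run over sample web access events, as an added example that is not part of the original alert definition. It goes beyond the exact-match isinList check by normalizing the logged value (case, scheme, port, trailing dot) and by also matching subdomains of a listed domain. The event ID value, the field names `event_id`, `domain` and `src`, and all domains and addresses are constructed assumptions.

```python
# Added example: event id, field names and list contents are constructed placeholders.
WEB_ACCESS_EVENT_ID = "WEB_ACCESS"  # stand-in for the source's web access event id
BLACKLIST_DOMAINS = {"bad.example", "malware.test"}  # stand-in for @BlackListDomains


def normalize_domain(value):
    """Reduce a logged host or URL to a bare lowercase domain."""
    host = value.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]  # drop scheme
    host = host.split("/", 1)[0]        # drop path
    host = host.rsplit("@", 1)[-1]      # drop userinfo
    host = host.split(":", 1)[0]        # drop port
    return host.rstrip(".")             # drop the trailing dot of an FQDN


def matched_entry(domain, blacklist):
    """Return the list entry equal to the domain or one of its parents, else None."""
    labels = normalize_domain(domain).split(".")
    # Compare on label boundaries so "notbad.example" never matches "bad.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate
    return None


def evaluate(events, blacklist=BLACKLIST_DOMAINS):
    """Apply Rule1: web access event AND accessed domain in the list."""
    alerts = []
    for ev in events:
        if ev.get("event_id") != WEB_ACCESS_EVENT_ID:
            continue
        hit = matched_entry(ev.get("domain") or "", blacklist)
        if hit:
            alerts.append({"src": ev.get("src"), "domain": ev["domain"], "matched": hit})
    return alerts


SAMPLE_EVENTS = [  # constructed events
    {"event_id": "WEB_ACCESS", "src": "10.0.0.5", "domain": "Bad.Example."},
    {"event_id": "WEB_ACCESS", "src": "10.0.0.6", "domain": "cdn.malware.test:8443"},
    {"event_id": "WEB_ACCESS", "src": "10.0.0.7", "domain": "notbad.example"},
    {"event_id": "DNS_QUERY", "src": "10.0.0.8", "domain": "bad.example"},
    {"event_id": "WEB_ACCESS", "src": "10.0.0.9", "domain": "https://www.example.org/bad.example"},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```

The list entries are assumed to be stored lowercase and without a trailing dot; if they are not, pass them through `normalize_domain` when the list is loaded.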
Alert Object
To export the alert settings, click on Alert Object above.