Traffic to infected domains

Alert Purpose

This alert should be triggered when traffic to a malicious domain (one listed in BlackListDomains) is detected.

Data Sources Needed

  • web access events

Description

  1. Rule1 - EventID = “event id for web access events” AND “Accessed domain field” isinList @BlackListDomains
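
Rule1 evaluated over a few constructed events, as an added example that is not part of the original rule page. The event ID value, the field names and the blacklist entries are assumptions standing in for the page's placeholders, and the matching goes beyond a plain isinList lookup: it normalizes the accessed host and also matches subdomains of a listed domain.

```python
from urllib.parse import urlsplit

# Assumed stand-ins for the placeholders in Rule1 (not values from the page).
WEB_ACCESS_EVENT_ID = "WEB_ACCESS"   # "event id for web access events"
DOMAIN_FIELD = "url"                 # "Accessed domain field"
BLACKLIST_DOMAINS = {"bad.example", "c2.malware.test"}  # constructed @BlackListDomains

def normalize_host(value):
    """Reduce a URL or host[:port] string to a lowercase hostname, no trailing dot."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value         # make urlsplit parse a bare host as the netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:               # malformed value, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".").lower()

def matched_entry(host, blacklist):
    """Return the listed domain equal to host or a parent of it, else None."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])   # whole-label suffixes only, never substrings
        if candidate in blacklist:
            return candidate
    return None

def evaluate_rule1(events, blacklist=BLACKLIST_DOMAINS):
    """Apply Rule1: web access event AND accessed domain in the blacklist."""
    alerts = []
    for ev in events:
        if ev.get("event_id") != WEB_ACCESS_EVENT_ID:
            continue
        host = normalize_host(str(ev.get(DOMAIN_FIELD, "")))
        entry = matched_entry(host, blacklist) if host else None
        if entry:
            alerts.append({"src": ev.get("src"), "host": host, "matched": entry})
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"event_id": "WEB_ACCESS", "src": "10.0.0.5", "url": "http://BAD.example:8080/login"},
    {"event_id": "WEB_ACCESS", "src": "10.0.0.6", "url": "cdn.c2.malware.test."},
    {"event_id": "WEB_ACCESS", "src": "10.0.0.7", "url": "https://notbad.example/"},
    {"event_id": "WEB_ACCESS", "src": "10.0.0.9", "url": "https://bad.example.com/"},
    {"event_id": "AUTH_LOGON", "src": "10.0.0.8", "url": "bad.example"},
]
```

Only the first two sample events raise an alert: `notbad.example` and `bad.example.com` merely contain a listed name, and the last event is not a web access event.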

Alert Object

To export the alert settings, click on Alert Object above.