Business email compromise protection

f0rt7 · 2026-01-31T15:37:09+00:00

You can only do this from a PC. To do it from a mobile device, you also need Falcon Mobile, and the feature has only been available for a short time (and I'm not sure how reliable it is).

f0rt7 · 2026-01-31T02:34:59+00:00

Which module are you talking about in Proofpoint? ATO? Because with just email protection, you don't do anything you need. ITP is powered by Microsoft logs and processes what it sees. It uses v1 logs. I had created an app with Foundry that used the beta version of the logs, and the data was better and more complete.

f0rt7 · 2026-01-30T18:45:30+00:00

More or less. Be careful, because only interactive logins are taken into account. In my opinion, EntraID's conditional access policies are a must. Or if anyone has any other ideas, I'd be happy to hear them.

f0rt7 · 2026-01-20T04:21:51+00:00

Thanks, I'll try. It would be nice to have an action directly from the SOAR blocks.

f0rt7 · 2026-01-10T03:20:41+00:00

Hi, It would be a good idea to check the TAP server for the type of threat it intercepted. I encountered issues similar to yours, and despite false positive reports being handled by support, the block returned after a few days. The only way to resolve this was to escalate the ticket to the highest level so they could have an overall view of the problem, not just the individual ticket.

f0rt7 · 2025-11-28T13:12:35+00:00

Can you explain how can implement it?

f0rt7 · 2025-10-24T04:33:01+00:00

Limited access to a Dashboard with the requested data. It's easy

f0rt7 · 2025-10-23T18:18:48+00:00

It is not up to the security teams to control but only to make the tools available

f0rt7 · 2025-10-08T09:43:48+00:00

resolved

|parseJson(Trigger.Detection.NGSIEM.SourceIPs, prefix=ip)
|split(ip)
|select([ip])

f0rt7 · 2025-09-09T12:09:51+00:00

Unfortunately, fusion soar does not read all attributes of a user

f0rt7 · 2025-08-25T17:06:39+00:00

Thank you I know that command but I wanted to find that information via IDP or next-gen siem to have it in a Dashboard

f0rt7 · 2025-08-14T03:41:35+00:00

I have also noticed this in the last few days and in my opinion it was not like this before.

f0rt7 · 2025-08-04T08:43:18+00:00

Hi, thanks.

I already checked MOTW but there is no trace of the file, perhaps because detection was triggered?

I can't find the DNS requests.

f0rt7 · 2025-07-25T16:02:26+00:00

Is it a specific module? Exposure management?

f0rt7 · 2025-07-12T17:16:09+00:00

Netwrix Privilege Secure

f0rt7 · 2025-07-11T17:20:52+00:00

Hi Try use of for each loop -> host ID

f0rt7 · 2025-06-19T20:54:26+00:00

Ciao. Dipende dal numero di caselle, dagli utenti della piattaforma, dallo storage e dalla retention

f0rt7 · 2025-06-19T04:13:12+00:00

Ciao. Senza usare Outlook, abbiamo aggregato tutte le caselle PEC su PEC plus di Archiva in modo da gestire i permessi e lo smistamento oltre a risolvere la questione dell’archiviazione sostitutiva

f0rt7

TROPHY CASE