Day 48 #100DaysofSigma Stop those pesky OneNote files before a user can open them with the OneNote Attachment File Dropped In Suspicious Location rule from @nas_bench.
github.com/SigmaHQ/sigma/blo…
Ideally, these files are blocked at the email gateway and firewall, but catch them dropped to these locations for a layered approach. Sometimes a malicious file can lurk on disk, waiting for the user to accidentally interact with it days or weeks later. Be proactive.
Jan 27, 2023 · 1:55 PM UTC
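A sketch of the kind of check described above, as an added example that is not part of the original post or the Sigma rule itself: it flags file-creation events whose path is a OneNote file inside a watched directory. The `TargetFilename` field name, the extension list and the directory list are assumptions for illustration; the rule on GitHub defines the actual selection.

```python
import ntpath

# Assumed values for illustration; the rule's own selection is not quoted on this page.
ONENOTE_EXTENSIONS = (".one", ".onepkg")
SUSPICIOUS_DIR_FRAGMENTS = (
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

# Constructed sample file-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"TargetFilename": r"C:\Users\alice\AppData\Local\Temp\Invoice_2291.one"},
    {"TargetFilename": r"C:\Users\alice\Documents\OneNote Notebooks\Work\Meeting.one"},
    {"TargetFilename": r"C:\Users\Public\SHIPPING.ONE"},
    {"TargetFilename": "C:/Windows/Temp/update.onepkg"},
    {"TargetFilename": r"C:\Users\alice\AppData\Local\Temp\report.docx"},
]


def is_suspicious_onenote_drop(target_filename: str) -> bool:
    """True when the path is a OneNote file inside one of the watched directories."""
    # Windows paths are case-insensitive and may arrive with either separator,
    # so normalise both before matching.
    path = ntpath.normpath(target_filename).lower()
    if not path.endswith(ONENOTE_EXTENSIONS):
        return False
    return any(fragment in path for fragment in SUSPICIOUS_DIR_FRAGMENTS)


def match_events(events):
    """Return the events that would raise an alert, preserving input order."""
    return [e for e in events if is_suspicious_onenote_drop(e.get("TargetFilename", ""))]


if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print("ALERT OneNote file in suspicious location:", hit["TargetFilename"])
```

The same function can be run over a directory listing of existing files to find attachments already sitting on disk, not only over new file-creation events.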