Message platform for automated threat simulation, reporting, detection, and remediation
摘要
說(shuō)明書(shū)
Some rules created may be content-specific, such as rules that match addressee names or domain names. In some embodiments, those rules can be stripped of personal identifiers and/or rendered anonymous before sharing, as described in more detail herein.
The rules module can also develop rules based upon reported files and extracted information from the reported messages. This feature can work in combination with the interdiction module. As a message meets specific reporting thresholds, the rules module can be automatically implemented or an administrator can implement the rules upon review. This can include extraction of header information, content information or any other information that the management console module is capable of extracting. The extraction can be automatic upon meeting a specific threshold, such as number of people reporting the same message or reporting user reputation score above a threshold. The system can then aggregate the similar characteristics or pattern matching to develop rules. These can include if specific headers are identified, attachments, links, message content or any other element that malware and virus scanning programs detect.
In embodiments that use an interdiction module, upon a rule being developed, the interdiction module can execute a quarantine of messages or the recipes module can execute actions with regard to any current or future messages that trigger this rule.
