Email Threat Detection and Response

Expand all | Collapse all

Rule to detect sender-recipient

  • 1.  Rule to detect sender-recipient

    Posted 01-07-2020 01:00 PM

    I need to create a rule that covers the scenarios below. We have already checked for support from Symantec and had the answer that it is not possible to set up to detect a sender by sending a message to only one recipient (one to one).

    Scenario 1: Detect (@acme for a popular domain- one for one)
    sender: @ ACME.com.br
    recipient: @ XXX.com

    Scenario 2: Do not detect (when you have @YYY.com as your recipient)
    sender: @ ACME.com.br
    recipient: @ XXX.com
    recipient: @ YYY.com.br



  • 2.  RE: Rule to detect sender-recipient

    Posted 01-29-2020 01:44 AM

    If Symantec have said it isn't possible, then it's not possible.