
Quick Start Security for UpGuard


Coralogix Extension For UpGuard Includes:

Dashboards - 2

Gain instantaneous visualization of all your UpGuard data.

Upguard Overview

Alerts - 22

Stay on top of UpGuard key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Critical Severity Risk Detected

This alert detects whenever critical-severity risks are added to your domain or IPs.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: To investigate the alert further, check fields such as 'Domain', 'Title' and 'Description' in the log. Also check for any repeating alerts for the same domain/IP and for adjacent logs.

High Severity Risk Detected

This alert detects whenever high-severity risks are added to your domain or IPs.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: To investigate the alert further, check fields such as 'Domain', 'Title' and 'Description' in the log. Also check for any repeating alerts for the same domain/IP and for adjacent logs.

Medium Severity Risk Detected

This alert detects whenever medium-severity risks are added to your domain or IPs.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: To investigate the alert further, check fields such as 'Domain', 'Title' and 'Description' in the log. Also check for any repeating alerts for the same domain/IP and for adjacent logs.

Remediation Request Closed

This alert detects when a remediation request has been automatically closed. UpGuard helps you keep track of all vendor-related remediation activities by letting you create, view and respond to remediation requests. Each remediation request outlines the risks that the vendor needs to remediate and allows them to communicate securely with you. See the following link to learn more about remediation requests: https://help.upguard.com/en/articles/3992587-how-to-manage-vendor-remediation-requests-with-upguard
Impact: If the remediation request is automatically closed without actually being remediated, this could put your organization at risk. If threat actors have gained access to your systems, they can view these open risks and might exploit them.
Mitigation: Validate whether the automatic closing of the remediation request is legitimate. If not, revert the changes and investigate further.
MITRE Tactic: TA0040 MITRE Technique: T1565

Action Taken On Vendor Asset Sharing Request

This alert detects when accounts in the same account group grant or deny access to shared vendor assets. With Shared Assets, you can securely share questionnaires, additional evidence and risk assessments with related entities who also use UpGuard. Shared Assets shows all available assets owned by a related entity or the vendor. See the following link to learn more about asset sharing: https://help.upguard.com/en/articles/5094336-what-are-shared-assets
Impact: Adversaries may take advantage of shared assets in different ways. For instance, an adversary may target an asset shared by multiple accounts and then leverage its trusted access to another account/environment to launch an attack. In some cases, shared assets may not be deployed with a secure configuration, leading to weaknesses that could allow an adversary to propagate malicious executable code; for example, the shared asset may be infected by malware which, when the asset is connected to another environment, propagates onto other systems.
Mitigation: If a shared asset is found to be compromised, scan the network for any other possible signs of infection. Investigate further to check which accounts share that asset and what permissions are assigned to it. Administrators are also recommended to check the integrity of the shared vendor asset.
MITRE Tactic: TA0108 MITRE Technique: T0864

New Message Posted On Data Leaks

This alert detects whenever a user posts a new message/comment about a data leak that concerns your organization. The purpose of this alert is to understand whether people in general are talking about the data leak. Users with malicious intentions can exploit the information available from the leaks.
Impact: Cybercriminals can misuse the leaked data to target victims with phishing or spear-phishing attacks. Publication of data leak findings can also damage an organization's credibility.
Mitigation: Identify all the sensitive data that was leaked. Continuously monitor the web forum where the data leak was published. Check whether the data leak was published on multiple forums. See the following link to learn more about best practices for preventing data leaks: https://www.upguard.com/blog/data-leak-prevention-tips
MITRE Tactic: TA0105 MITRE Technique: T0882

Customer CSTAR Dropped Below Threshold

This alert detects when a company's CSTAR score drops below a certain threshold value. The CSTAR score is a numeric value representing an organization's aptitude in the areas of compliance, integrity and security. See the following link to learn more about CSTAR: https://upguard.medium.com/how-cstar-works-74ec4db2c5d9
Impact: A drop in the CSTAR score indicates an organization's inability to detect and remediate vulnerabilities in the shortest possible time. It also indicates an inability to keep its systems in a resilient state. This can damage an organization's brand reputation and trustworthiness among users.
Mitigation: Contact the organization when its CSTAR score drops and investigate the possible reasons behind it.
MITRE Tactic: TA0040 MITRE Technique: T1491

Customer CSTAR Dropped

This alert detects when a company's CSTAR score drops by a certain threshold value within the last 'x' number of days. The CSTAR score is a numeric value representing an organization's aptitude in the areas of compliance, integrity and security. See the following link to learn more about CSTAR: https://upguard.medium.com/how-cstar-works-74ec4db2c5d9
Impact: A drop in the CSTAR score indicates an organization's inability to detect and remediate vulnerabilities in the shortest possible time. It also indicates an inability to keep its systems in a resilient state. This can damage an organization's brand reputation and trustworthiness among users.
Mitigation: Contact the organization when its CSTAR score drops and investigate the possible reasons behind it.
MITRE Tactic: TA0040 MITRE Technique: T1491

Vendor CSTAR Dropped Below Threshold

This alert detects when a vendor's CSTAR score drops below a certain threshold value. The CSTAR score is a numeric value representing an organization's aptitude in the areas of compliance, integrity and security. See the following link to learn more about CSTAR: https://upguard.medium.com/how-cstar-works-74ec4db2c5d9
Impact: A drop in the CSTAR score indicates a vendor's/organization's inability to detect and remediate vulnerabilities in the shortest possible time. It also indicates an inability to keep its systems in a resilient state. This can damage an organization's brand reputation and trustworthiness among users.
Mitigation: Contact the vendor/organization when its CSTAR score drops and investigate the possible reasons behind it.
MITRE Tactic: TA0040 MITRE Technique: T1491

Domain CSTAR Dropped Below Threshold

This alert detects when a domain's CSTAR score drops below a certain threshold value. The CSTAR score is a numeric value representing an organization's aptitude in the areas of compliance, integrity and security. See the following link to learn more about CSTAR: https://upguard.medium.com/how-cstar-works-74ec4db2c5d9
Impact: A drop in the CSTAR score indicates a vendor's/organization's inability to detect and remediate vulnerabilities in the shortest possible time. It also indicates an inability to keep its systems in a resilient state. This can damage an organization's brand reputation and trustworthiness among users.
Mitigation: Contact the vendor/organization responsible when the CSTAR score drops for a domain belonging to them and investigate the possible reasons behind it.
MITRE Tactic: TA0040 MITRE Technique: T1491

Upguard - Vendor CSTAR Dropped

This alert detects when a vendor's CSTAR score drops by a certain threshold value within the last 'x' number of days. The CSTAR score is a numeric value representing an organization's aptitude in the areas of compliance, integrity and security. See the following link to learn more about CSTAR: https://upguard.medium.com/how-cstar-works-74ec4db2c5d9
Impact: A drop in the CSTAR score indicates a vendor's/organization's inability to detect and remediate vulnerabilities in the shortest possible time. It also indicates an inability to keep its systems in a resilient state. This can damage an organization's brand reputation and trustworthiness among users.
Mitigation: Contact the vendor/organization when its CSTAR score drops and investigate the possible reasons behind it.
MITRE Tactic: TA0040 MITRE Technique: T1491

Typosquat Registration Changed

This alert detects whenever registration details for a typosquatted domain are updated. Typosquatting, or URL hijacking, is a form of cybersquatting that targets people who accidentally mistype a website address directly into their browser's URL field. Cybersquatters register domain names that are a slight variation of the target brand (usually a common spelling error).
Impact: Once a threat actor has registered a malicious typosquatted domain, a legitimate user who accidentally misspells the right domain/website name while browsing can be directed to the malicious website and become the victim of a phishing campaign.
Mitigation: Check for any signs of infection in the network if a user visited a typosquatted domain. If any are found, check the browser history to find out which domain name was visited. See the following link to learn more about typosquatting and preventive measures: https://www.upguard.com/blog/typosquatting
MITRE Tactic: TA0042 MITRE Technique: T1583.001

Typosquatted Domain Registered

This alert detects whenever a new domain name is registered whose spelling looks similar to your domain name. This technique is known as typosquatting. In other words, typosquatting, or URL hijacking, is a form of cybersquatting that targets people who accidentally mistype a website address directly into their browser's URL field. Cybersquatters register domain names that are a slight variation of the target brand (usually a common spelling error).
Impact: Once a threat actor has registered a malicious typosquatted domain, a legitimate user who accidentally misspells the right domain/website name while browsing can be directed to the malicious website and become the victim of a phishing campaign.
Mitigation: Check for any signs of infection in the network if a user visited a typosquatted domain. If any are found, check the browser history to find out which domain name was visited. See the following link to learn more about typosquatting and preventive measures: https://www.upguard.com/blog/typosquatting
MITRE Tactic: TA0042 MITRE Technique: T1583.001

Known Exploited CVE Detected For Vendor

This alert detects when a CVE detected on one or more of your vendor's domains is added to the Known Exploited Vulnerabilities catalog released by CISA. See the following link for the complete list of known exploited vulnerabilities maintained by CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact: These vulnerabilities are generally widely exploited by threat actors. If they are not patched, threat actors can exploit the CVEs either to gain initial access to your organization or to escalate their existing privileges if they are already in.
Mitigation: Patch the vulnerabilities as soon as they are detected. If the vulnerabilities are already widely exploited, also scan the affected machines for the presence of any indicators of compromise.
MITRE Tactic: TA0004 MITRE Technique: T1068

Known Exploited CVE Detected

This alert detects when a CVE detected on one or more of your company's domains is added to the Known Exploited Vulnerabilities catalog released by CISA. See the following link for the complete list of known exploited vulnerabilities maintained by CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact: These vulnerabilities are generally widely exploited by threat actors. If they are not patched, threat actors can exploit the CVEs either to gain initial access to your organization or to escalate their existing privileges if they are already in.
Mitigation: Patch the vulnerabilities as soon as they are detected. If the vulnerabilities are already widely exploited, also scan the affected machines for the presence of any indicators of compromise.
MITRE Tactic: TA0004 MITRE Technique: T1068

VIP Email Exposure Detected

This alert detects when VIP email addresses from your company's domain are found in a breach. The alert gives the name of the specific breach. VIP email addresses are highly lucrative targets for threat actors.
Impact: If a threat actor has access to the email addresses of your company's key executives, they can target them with spear-phishing attacks in order to steal valuable information.
Mitigation: For all email addresses detected as part of a breach, change the corresponding passwords as an immediate action. Check whether these email addresses have received any suspicious emails in the past. If so, investigate further.
MITRE Tactic: TA0043 MITRE Technique: T1589

Email Exposure Detected

This alert detects whenever an email address belonging to your organization's domain is found in the data leaked from a security breach.
Impact: If a threat actor has access to email addresses belonging to your domain, they can target employees of your organization with phishing or spear-phishing attacks.
Mitigation: For all email addresses detected as part of a breach, change the corresponding passwords as an immediate action. Check whether these email addresses have received any suspicious emails in the past. If so, investigate further.
MITRE Tactic: TA0043 MITRE Technique: T1589

Risk Assessment Published

This alert detects when your organization's risk assessment report is published, knowingly or unknowingly, for the general public to view. This is a serious threat because it gives threat actors insight into existing weaknesses in your infrastructure, which they can exploit if those weaknesses/vulnerabilities are not fixed.
Impact: A published risk assessment report can give away crucial information, such as critical unpatched vulnerabilities, to threat actors, who can then exploit it to gain access to your organization.
Mitigation: Take the risk assessment report down from the internet as soon as it is identified. Patch the vulnerabilities identified in the report as soon as possible to avoid a potential incident. See the following link to learn more about third-party risk assessment best practices: https://www.upguard.com/blog/third-party-risk-assessment-best-practices
MITRE Tactic: TA0105 MITRE Technique: T0882

Domain Vulnerabilities Detected

This alert detects when new vulnerabilities are detected on a domain owned by you. It also reports the names of the Common Vulnerabilities and Exposures (CVEs) detected.
Impact: A threat actor can exploit the existing vulnerabilities to hijack your domain and perform actions such as taking down servers, stealing data, redirecting users to fraudulent sites and performing Distributed Denial of Service (DDoS) attacks.
Mitigation: Patch the vulnerabilities as soon as they are detected, before threat actors can exploit them. If the vulnerabilities are already widely exploited, also scan the affected machines for the presence of any indicators of compromise.
MITRE Tactic: TA0042 MITRE Technique: T1584

Breach News Feed Article Published

This alert detects whenever a news feed article is published about a security incident that involves or impacts either your organization directly or your vendors.
Impact: Following a breach, an organization may lose not just revenue but also brand reputation and customer trust.
Mitigation: Investigate the probable cause of the data breach. Reset the passwords for users across the organization. See the following link to learn more about best practices for preventing data breaches: https://www.upguard.com/blog/prevent-data-breaches
MITRE Tactic: TA0105 MITRE Technique: T0882

Data Leaks Finding Published

This alert detects when a new data leak finding is published. Data Leaks shows you where your organization's data is exposed on the Internet. The alert gives information about the data leak finding that was published and the time it was published, along with a URL leading to the finding in more detail.
Impact: Cybercriminals can misuse the leaked data to target victims with phishing or spear-phishing attacks. Publication of data leak findings can also damage an organization's credibility.
Mitigation: Identify all the sensitive data that was leaked. Continuously monitor the web forum where the data leak was published. Check whether the data leak was published on multiple forums. See the following link to learn more about best practices for preventing data leaks: https://www.upguard.com/blog/data-leak-prevention-tips
MITRE Tactic: TA0105 MITRE Technique: T0882

No logs from UpGuard

This rule detects if there have been no logs from UpGuard in the customer account in the last 36 hours. Note: this alert should be configured with the relevant application and subsystem.
Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks or impede incident response investigations.
Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.
MITRE Tactic: TA0005 MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with UpGuard in our documentation.
