Monday.com
Monday.com - Flexible project management platform for workflow management.
Provider: Monday.com
Detection Rule | MITRE Tactic | MITRE Technique | Criticality |
---|---|---|---|
Suspicious Login Activity | Initial Access | Valid Accounts (T1078) | High |
Unauthorized Email Forwarding | Exfiltration | Exfiltration Over Email (T1041) | Medium |
Phishing Email Detection | Execution | Phishing (T1566) | High |
Bulk Email Sending | Command and Control | Send Email (T1071.001) | Medium |
Unusual Access Patterns | Credential Access | Credential Dumping (T1003) | High |
Suspicious Activity in Calendar | Discovery | Access Calendar (T1033) | Low |
APIs and Their Scopes
Detection Rule | API Endpoint | API Method | Required API Scope | Description |
---|---|---|---|---|
Suspicious Login Attempts | /items | POST | items:write | Create a new item (task) in a board for investigation |
Unauthorized Email Forwarding | /items | POST | items:write | Create a new item documenting the unauthorized rule detection |
Phishing Email Detection | /items | POST | items:write | Create an item to track phishing email analysis |
Unusual Attachment Activity | /items | POST | items:write | Create a task for investigating unusual attachment activity |
Bulk Email Sending | /items | POST | items:write | Log incident of bulk email sending as a new item |
Unusual Access Patterns | /items | POST | items:write | Document unusual access patterns in a new task |
Suspicious Activity in Calendar | /items | POST | items:write | Create an item to investigate suspicious calendar activity |
Reports and Widgets for CISO
Report Name | Widgets | Description |
---|---|---|
Incident Summary Report | Pie Chart: Incident Types (e.g., phishing, suspicious logins); Bar Chart: Incidents by Severity (High, Medium, Low) | Overview of all security incidents detected in Outlook. |
Trends in Incidents Report | Line Graph: Incidents Over Time (daily/weekly/monthly); Area Chart: Incident Trend Analysis | Analysis of incident trends over time. |
Response Time Metrics | KPI Widget: Average Response Time; Bar Graph: Response Times by Incident Type | Metrics showing average response times for detected incidents. |
Investigation Status Report | Status Column: Current Status of Investigations; Pie Chart: Investigations by Status (Resolved, Unresolved, Pending) | Overview of the status of ongoing investigations. |
High-Risk Incidents Report | List View: High-Risk Incidents with Details; Bar Chart: High-Risk Incidents by User or Department | Focused report on high-risk incidents that require immediate attention. |
User Activity Report | Table: Users with the Most Incidents; Bar Graph: User Activity Levels (e.g., logins, email sends) | Analysis of user activities related to incidents. |
Email Filtering Results Report | Pie Chart: Phishing Emails Detected vs. Filtered; Line Graph: Monthly Phishing Attempts | Summary of phishing email detections and filtering results. |
Recommendations and Actions Report | Checklist: Recommended Actions for High-Risk Incidents; Notes Section: CISO Remarks or Strategy Updates | Suggested actions based on incident trends and analysis. |