Monday.com

Monday.com - Flexible project management platform for workflow management.

Provider: Monday.com

Detection Rule | MITRE Tactic | MITRE Technique | Criticality | Investigation Actions (APIs) | Incident Creation Criteria
Suspicious Login Activity | Initial Access | Valid Accounts (T1078) | High | Query login attempts from SIEM; create task on monday.com for follow-up | More than 5 failed login attempts in 1 hour; login from unusual IP
Unauthorized Email Forwarding | Exfiltration | Exfiltration Over Email (T1041) | Medium | Check for new forwarding rules; update monday.com with findings | Creation of a new forwarding rule without approval; alert for user attempts to forward emails externally
Phishing Email Detection | Execution | Phishing (T1566) | High | Analyze email headers and links; document findings on monday.com | Email identified as phishing based on signature rules
Bulk Email Sending | Command and Control | Send Email (T1071.001) | Medium | Detect patterns of bulk sending; log incidents on monday.com | More than 50 emails sent in a short time frame
Unusual Access Patterns | Credential Access | Credential Dumping (T1003) | High | Identify unusual access to sensitive data; update monday.com task | Access to sensitive files from a non-privileged account
Suspicious Activity in Calendar | Discovery | Access Calendar (T1033) | Low | Monitor calendar event creation/deletion; log findings on monday.com | Unusual number of events created or deleted by a user

APIs and Their Scopes

Detection Rule | API Endpoint | API Method | Required API Scope | Description
Suspicious Login Attempts | /items | POST | items:write | Create a new item (task) in a board for investigation
Unauthorized Email Forwarding | /items | POST | items:write | Create a new item documenting the unauthorized rule detection
Phishing Email Detection | /items | POST | items:write | Create an item to track phishing email analysis
Unusual Attachment Activity | /items | POST | items:write | Create a task for investigating unusual attachment activity
Bulk Email Sending | /items | POST | items:write | Log incident of bulk email sending as a new item
Unusual Access Patterns | /items | POST | items:write | Document unusual access patterns in a new task
Suspicious Activity in Calendar | /items | POST | items:write | Create an item to investigate suspicious calendar activity

Reports and Widgets for CISO

Report Name | Widgets | Description
Incident Summary Report | Pie Chart: Incident Types (e.g., phishing, suspicious logins); Bar Chart: Incidents by Severity (High, Medium, Low) | Overview of all security incidents detected in Outlook.
Trends in Incidents Report | Line Graph: Incidents Over Time (daily/weekly/monthly); Area Chart: Incident Trend Analysis | Analysis of incident trends over time.
Response Time Metrics | KPI Widget: Average Response Time; Bar Graph: Response Times by Incident Type | Metrics showing average response times for detected incidents.
Investigation Status Report | Status Column: Current Status of Investigations; Pie Chart: Investigations by Status (Resolved, Unresolved, Pending) | Overview of the status of ongoing investigations.
High-Risk Incidents Report | List View: High-Risk Incidents with Details; Bar Chart: High-Risk Incidents by User or Department | Focused report on high-risk incidents that require immediate attention.
User Activity Report | Table: Users with the Most Incidents; Bar Graph: User Activity Levels (e.g., logins, email sends) | Analysis of user activities related to incidents.
Email Filtering Results Report | Pie Chart: Phishing Emails Detected vs. Filtered; Line Graph: Monthly Phishing Attempts | Summary of phishing email detections and filtering results.
Recommendations and Actions Report | Checklist: Recommended Actions for High-Risk Incidents; Notes Section: CISO Remarks or Strategy Updates | Suggested actions based on incident trends and analysis.