This discussion has been locked.

Intercept X - Multiple Threat Cases for Singular Detection

Does anyone else get 10+ threat cases created for a single detection? For example, Sophos picked up some phishing from Outlook and generated 10+ threat cases:

I don't think the user would try 10 times to open this email attachment. Anyone have any ideas why we'd see so many entries? Give or take it's a new one every ten minutes.



  • I can see the source of the infection in the threat case. In this case it's an email attachment from a phishing email. My question is why do I get 15 threat cases generated for one detection?

  • FormerMember
    0 FormerMember in reply to alars15

    The first thing I would check is the hash of each file. Some phishing campaigns create a new file for each targeted user (unique file = unique hash), which would look like a new detection to the scanner and could cause multiple similar Threat Cases.
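
Added example (not part of the original thread and not Sophos tooling): one way to run the hash check suggested above is to group the detected files by SHA-256 and look at the time between cases for each hash. The record layout and sample contents are constructed for illustration and are assumptions, not a Sophos export format.

```python
import hashlib
from collections import defaultdict
from datetime import datetime

# Constructed sample data: (detection time, file name, file bytes).
# The layout is an assumption for illustration, not a Sophos export format.
SAMPLE_CASES = [
    ("2020-01-01T09:00:00", "invoice.html", b"<html>lure A</html>"),
    ("2020-01-01T09:10:00", "invoice.html", b"<html>lure A</html>"),
    ("2020-01-01T09:20:00", "invoice.html", b"<html>lure A</html>"),
    ("2020-01-01T09:30:00", "invoice.html", b"<html>lure B</html>"),
]

def summarize_cases(cases):
    """Group detections by the SHA-256 of the detected file's content."""
    groups = defaultdict(list)
    for ts, name, content in cases:
        digest = hashlib.sha256(content).hexdigest()
        groups[digest].append((datetime.fromisoformat(ts), name))
    summary = []
    for digest, hits in groups.items():
        times = sorted(t for t, _ in hits)
        # Minutes between consecutive cases that share this hash.
        gaps = [int((b - a).total_seconds() // 60) for a, b in zip(times, times[1:])]
        summary.append({
            "sha256": digest,
            "cases": len(hits),
            "names": sorted({n for _, n in hits}),
            "gap_minutes": gaps,
        })
    summary.sort(key=lambda g: (-g["cases"], g["sha256"]))
    return summary

def classify(summary):
    """Say whether the cases point at one file, one file per case, or a mix."""
    total = sum(g["cases"] for g in summary)
    if total == 0:
        return "none"
    if len(summary) == total:
        return "unique-files"   # every case has its own hash
    if len(summary) == 1:
        return "same-file"      # one hash detected repeatedly
    return "mixed"

if __name__ == "__main__":
    result = summarize_cases(SAMPLE_CASES)
    for g in result:
        print(g["sha256"][:12], g["cases"], g["names"], g["gap_minutes"])
    print(classify(result))
```

A `unique-files` result matches the per-recipient file scenario described in the reply; `same-file` means one file is being detected repeatedly, which is a different thing to investigate.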