Managed Sentinel – Alert 018

Alert ID: MS-A018
Alert Name: MCAS Malware Detected
Description: Detect files containing malware in your cloud environments by utilizing Cloud App Security's integration with Microsoft's Threat Intelligence engine.
Severity Level: Medium
Threat Indicator: Malicious activity
MITRE ATT&CK Tactics: Exfiltration, Command and Control
Log sources: Microsoft Cloud App Security
Recommendations:
1. Review the suspicious activity identified via the Microsoft Cloud App Security Portal.
2. Contact the owner of the detected malicious file and notify him/her about the situation.
3. Clean up the malicious file from the cloud repository.
4. Look for additional indicators of compromise related to the user or the system identified in the alert.