Monday.com
Monday.com - Flexible project management platform for workflow management.
Provider: Monday.com
| Detection Rule | MITRE Tactic | MITRE Technique | Criticality |
|---|---|---|---|
| Suspicious Login Activity | Initial Access | Valid Accounts (T1078) | High |
| Unauthorized Email Forwarding | Exfiltration | Exfiltration Over Email (T1041) | Medium |
| Phishing Email Detection | Execution | Phishing (T1566) | High |
| Bulk Email Sending | Command and Control | Send Email (T1071.001) | Medium |
| Unusual Access Patterns | Credential Access | Credential Dumping (T1003) | High |
| Suspicious Activity in Calendar | Discovery | Access Calendar (T1033) | Low |
APIs and Their Scopes
| Detection Rule | API Endpoint | API Method | Required API Scope | Description |
|---|---|---|---|---|
| Suspicious Login Attempts | /items | POST | items:write | Create a new item (task) in a board for investigation |
| Unauthorized Email Forwarding | /items | POST | items:write | Create a new item documenting the unauthorized rule detection |
| Phishing Email Detection | /items | POST | items:write | Create an item to track phishing email analysis |
| Unusual Attachment Activity | /items | POST | items:write | Create a task for investigating unusual attachment activity |
| Bulk Email Sending | /items | POST | items:write | Log incident of bulk email sending as a new item |
| Unusual Access Patterns | /items | POST | items:write | Document unusual access patterns in a new task |
| Suspicious Activity in Calendar | /items | POST | items:write | Create an item to investigate suspicious calendar activity |
Reports and Widgets for CISO
| Report Name | Widgets | Description |
|---|---|---|
| Incident Summary Report | Pie Chart: Incident Types (e.g., phishing, suspicious logins) | Overview of all security incidents detected in Outlook. |
| | Bar Chart: Incidents by Severity (High, Medium, Low) | |
| Trends in Incidents Report | Line Graph: Incidents Over Time (daily/weekly/monthly) | Analysis of incident trends over time. |
| | Area Chart: Incident Trend Analysis | |
| Response Time Metrics | KPI Widget: Average Response Time | Metrics showing average response times for detected incidents. |
| | Bar Graph: Response Times by Incident Type | |
| Investigation Status Report | Status Column: Current Status of Investigations | Overview of the status of ongoing investigations. |
| | Pie Chart: Investigations by Status (Resolved, Unresolved, Pending) | |
| High-Risk Incidents Report | List View: High-Risk Incidents with Details | Focused report on high-risk incidents that require immediate attention. |
| | Bar Chart: High-Risk Incidents by User or Department | |
| User Activity Report | Table: Users with the Most Incidents | Analysis of user activities related to incidents. |
| | Bar Graph: User Activity Levels (e.g., logins, email sends) | |
| Email Filtering Results Report | Pie Chart: Phishing Emails Detected vs. Filtered | Summary of phishing email detections and filtering results. |
| | Line Graph: Monthly Phishing Attempts | |
| Recommendations and Actions Report | Checklist: Recommended Actions for High-Risk Incidents | Suggested actions based on incident trends and analysis. |
| | Notes Section: CISO Remarks or Strategy Updates | |