Rule for detecting email domain

I would like to create a rule to detect emails coming from a specific domain for Strat malware email delivery. Please guide me on how to do that.

You will be best off creating value lists and then creating a detection rule using the list. (Please read in that order.)

  1. Rule exceptions and value lists | Elastic Security Solution [7.13] | Elastic
  2. Create a detection rule | Elastic Security Solution [7.13] | Elastic
