When you create a custom SecurityTip, you can assign it a topic. A topic identifies the type of risky behavior the user engaged in. See the chart below for a complete list of the topics, use cases, and calls to action.

| Topic | Use Case – Potential Rule Detection |
| --- | --- |
| Adult Website | A user accessed an adult website on their device. |
| Advanced Persistent Threat | Unusual activity is detected on a user's device, such as when a large volume of files is deleted, sensitive information is collected, command and control behavior is detected, or malware is executed. |
| Adware | Adware is detected on a user's device. |
| Alcohol / Drug Website | A user has accessed an alcohol- or drug-related website on their device. |
| Backdoor Malware | A user has a computer program on their device that secretly provides a cybercriminal privileged access or unauthorized access to a system. |
| Bring-Your-Own-Devices | A user is using their own device rather than an organization-issued device. |
| Business Email Compromise | A phishing email impersonating or coming from a work-related email account was detected, the user's business email account has been compromised, or CEO fraud was detected. |
| Cloud Permissions | A user misused cloud permissions while sharing documents or files in the cloud. |
| Copyright Infringement | A user visited or downloaded copyright-infringing material. |
| Credential Theft | Password theft is detected. |
| Cryptomining Malware | Cryptomining malware is detected on a user's device. |
| Cryptomining Website | A user accessed a cryptomining-related website on their device. |
| Data Breach | Credentials or potentially sensitive data is leaked from a user's device. |
| Data Security – Encryption | A threat is detected on the user's device that requires full disk encryption to mitigate it, or ransomware encryption activity is detected. |
| Data Security – Exfiltration | There is an unauthorized removal of data or files from a user's device. |
| Data Security – Sharing | A user shared sensitive data externally through email, websites, or shared access to cloud storage. |
| Data Security – Transfer | There is a transfer of sensitive data as files or documents externally through email, websites, or sending through cloud storage functionality. |
| Dating Website | A user accessed a dating website on their device. |
| Document Malware | A user downloaded a document from their email, which may or may not be malicious. |
| Email Attachments | A user clicked on or downloaded an attachment from an email. |
| Email Forwarding | Email forwarding rules are unusual, unapproved, or sending to an external email. |
| Email Links | A user clicked on a potentially malicious link. |
| Email Safety | Out-of-domain email forwarding and suspicious email sending patterns are detected. |
| Email Spoofing | A phishing email impersonating a user was detected. |
| Endpoint Safety | Remote access software was used on the user's device, malicious or suspicious activity or applications were detected, command and control or botnet behavior was detected, or cryptomining malware was detected. |
| Exploit | Ransomware was found on the user's device, a file or malicious code was found on the user's device that exploits a known vulnerability in either software or their operating system, or command and control activity was found on the user's device. |
| Freeware | Freeware or free software is detected on a user's device. |
| Gambling Website | A user accessed a gambling-related website on their device. |
| Gaming Website | A user accessed a gaming-related website on their device. |
| Insider Threat | The activity on the user's device makes it seem that the user may be a security threat to the organization. |
| Malware | Malware is detected on a user’s device. |
| Mobile Endpoint Safety | Malicious or suspicious activity or software is detected on the user’s device, or a non-compliant device has connected to the organizational network. |
| Mobile Malware | Malware has been detected on a mobile device. |
| Multi-Factor Authentication | A user has disabled multi-factor or two-factor authentication, or high severity malicious activity has been detected on the user's device. |
| Network Safety | A user’s activities have been identified as risky at the network level. |
| Online Safety | A user's browsing activities have been identified as risky. |
| P2P Website | A user accessed a peer-to-peer (P2P)-related website on their device. |
| Password Safety | A broad range of password-related events may have been identified, including multiple failed login attempts; login credentials being accessed, detected, or leaked online, as in a data breach; credential theft from the user's device being detected; credentials being dumped from the operating system memory or cache; or suspicious login activity being detected. |
| Phishing | A user interacted with a phishing email. |
| Pirate Website | A user accessed a pirate website on their device. |
| Privacy | The sharing of personal or financial information was detected, either through email or a website. |
| Privileged Access | A user’s access permissions were detected as being elevated, which can be used to exfiltrate sensitive data or allow a cybercriminal to move through a network. |
| PUP | A potentially unwanted program (PUP) was detected on a user's device. |
| Ransomware | Ransomware is detected on a user's device, or the user downloaded a file from the internet that contains ransomware. |
| Remote Access Security | Remote access software is suspiciously used on a user's device. |
| Restricted Website | A user accessed an unidentified restricted website. Note: An admin can create a campaign that doesn't specify the type of restricted website that was visited by the user. |
| Rootkit | A computer program was detected on the user's device that secretly provides a cybercriminal privileged access or unauthorized access to a system. |
| Sensitive Organizational Data | A user shared organizational data that shouldn’t be shared. |
| Sensitive Personal Data | A user shared sensitive personal information. |
| Shareware | Shareware is detected on a user's device. |
| Shopping Website | A user accessed a shopping website on their device. |
| Social Engineering | A user fell for social engineering. |
| Social Website | A user accessed a social media website on their device. |
| Software Security | Command and control is detected on the user's device, a vulnerability or exploit is detected, or an external software download is detected. |
| Spam | A user received a spam email or a user is flagged as sending spam messages. |
| Spyware | Spyware is detected on a user's device, or software is downloaded from an external website. |
| Trojan Horse | A trojan is detected on a user's device. |
| URLs and Hyperlinks | A user clicked a malicious URL, hyperlink, or phishing link. |
| USB Safety | Removable media usage is detected or blocked. |
| Video Streaming Website | The user accessed a video streaming website on their device. |
| Viruses and Worms | A virus or worm is detected on a user's device. |
| VPN Best Practices | A user connected to a third-party VPN. |