How does QuoIntelligence prioritize my DRP incidents?

This article explains how QuoIntelligence prioritizes your incidents, helping you to mitigate risks efficiently.

QuoIntelligence's Digital Risk Protection (DRP) Prioritization Procedure

At QuoIntelligence, we understand that every incident affecting your operations is critical and requires a timely response. Our analysts prioritize incidents to ensure that the most critical issues receive the attention they need promptly.

The priority of a DRP alert is determined by several factors, including the nature and severity of the identified risk.

We use a three-level scale: Low, Normal, and High.

Low Priority

Low-priority alerts indicate potential risks that could evolve but currently do not pose an immediate threat. These alerts are informational and should be monitored for any signs of increasing risk.

Normal Priority

Normal-priority alerts indicate a potential threat that requires timely action to prevent damage. While there is no proof of an imminent threat, these alerts should be evaluated, and actions should be taken accordingly.

High Priority

High-priority alerts indicate an immediate threat that must be addressed at once to prevent further damage. These alerts are confirmed to be malicious or highly likely to result in damage.

Examples

Low Priority

Below are some examples of Low Priority incidents, grouped by category:

  • Domain/Keyword Match: The alert is triggered by keywords or infrastructure disclosed in the Golden List without any indication of malicious activity. For instance:
    • No Mail Exchanger (MX) record exists.
    • No Secure Sockets Layer (SSL) certificate is associated with the domain.
    • The IP address is not associated with a bad reputation.
    • The domain is not hosting or redirecting to any content, is parked, or is for sale.
    • The domain includes a keyword match but is associated with a potentially unrelated, legitimate business.
  • Leaked Employee Credentials: Credentials with low complexity, unlikely to be used internally.
  • Abandoned Profiles: Profiles without pictures that seem abandoned and not clearly malicious.

Normal Priority

Below are some examples of Normal Priority incidents, grouped by category:

  • Leaked Personally Identifiable Information: Information that could potentially be used in phishing campaigns or similar attacks.
  • Suspicious Domains: Domains similar enough to legitimate ones that could be abused for phishing or similar attacks, even if there is currently no proof of malicious activity.
    • Domains set up to send or receive emails (e.g., having an MX record).
    • IP addresses known to be associated with malicious or questionable content.
  • Employee Credentials: Leaked credentials as part of a data dump or breach with reasonably complex passwords, but no signs of direct internal network compromise.
  • Client Credentials: Leaked client credentials as part of a data dump or breach.
  • Client Communications: Emails containing routine activity such as invoices, unless they are marked confidential or contain sensitive information, which would elevate the priority.
  • Social Media Impersonation: Pages that seem official but are not listed in our golden source list, using trademarked logos and names without clear malicious intent.

High Priority

Below are some examples of High Priority incidents, grouped by category:

  • Malicious Domains: Domains that resemble legitimate ones with proof of malicious activity, such as hosting phishing pages, clearly abusing your brands (domain impersonation) or conducting fraudulent activities.
  • Sensitive Information Leaks: Leaks of sensitive information, credentials, or data directly related to the organization that could harm the organization's reputation.
  • Internal Network Compromise: Leaked employee credentials from data dumps or breaches, with passwords complex enough to imply the compromised machine is part of the internal network.
  • Critical Client Communications: Emails containing information that is immediately usable for abuse.
  • Social Media with Malicious Use: Pages using the trademarked logo and name for malicious purposes, such as spear phishing or fraudulent campaigns.
  • VIP Malicious Profiles: Profiles of individuals on our golden source list that do not match the client-provided link and seem malicious, or hijacked VIP profiles.
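The criteria above can be encoded as a small triage function, which is useful when you want to reproduce the same ordering in your own ticketing or SOAR workflow. The Python below is an added illustration, not QuoIntelligence's code; the attribute names (`has_mx`, `ip_bad_reputation`, `hosts_phishing`, `internal_host_indicators`, and so on) are assumptions standing in for whatever your enrichment produces, and the ordering of the "unrelated legitimate business" check ahead of the MX check is also an assumption, since a real business will normally have mail set up.

```python
"""Toy DRP alert triage encoding the Low / Normal / High criteria described
above. Illustrative only: not QuoIntelligence's code; attribute names are
assumed, and all sample alerts at the bottom are constructed."""
from dataclasses import dataclass
from enum import Enum


class Priority(Enum):
    LOW = "Low"
    NORMAL = "Normal"
    HIGH = "High"


# Rank used to sort a batch so High lands at the top of the queue.
_RANK = {Priority.HIGH: 0, Priority.NORMAL: 1, Priority.LOW: 2}


@dataclass
class DomainAlert:
    """Enrichment results for a domain that matched a Golden List keyword."""
    domain: str
    has_mx: bool = False                    # domain can send/receive mail
    has_tls_cert: bool = False              # a certificate exists for the name
    ip_bad_reputation: bool = False         # hosting IP has a bad reputation
    parked_or_empty: bool = True            # no content, parked, or for sale
    hosts_phishing: bool = False            # proof of phishing / brand abuse / fraud
    unrelated_legit_business: bool = False  # keyword match, but a real unrelated company


@dataclass
class CredentialAlert:
    """A credential seen in a data dump or breach."""
    account: str
    is_employee: bool                       # False means a client credential
    password_complex: bool = False          # plausibly a real, internally used password
    internal_host_indicators: bool = False  # signs the leaking machine is on the internal network


def prioritize_domain(a: DomainAlert) -> Priority:
    # High: proof of malicious activity (phishing page, domain impersonation, fraud).
    if a.hosts_phishing:
        return Priority.HIGH
    # Low: keyword match on an unrelated, legitimate business with a clean IP.
    # Assumption: this outranks the MX signal, because real businesses run mail.
    if a.unrelated_legit_business and not a.ip_bad_reputation:
        return Priority.LOW
    # Normal: set up to handle mail, or hosted on a questionable IP, even without
    # proof of abuse yet.
    if a.has_mx or a.ip_bad_reputation:
        return Priority.NORMAL
    # Low: no MX, clean IP, parked/empty. A certificate alone does not raise the
    # tier in this toy; it is only recorded for the analyst.
    return Priority.LOW


def prioritize_credentials(c: CredentialAlert) -> Priority:
    # Client credentials from a dump or breach are Normal.
    if not c.is_employee:
        return Priority.NORMAL
    # Complex password plus signs of an internal machine: internal network compromise.
    if c.password_complex and c.internal_host_indicators:
        return Priority.HIGH
    # Reasonably complex password, no signs of direct internal compromise.
    if c.password_complex:
        return Priority.NORMAL
    # Low-complexity password, unlikely to be used internally.
    return Priority.LOW


def triage(alerts):
    """Return (priority, alert) pairs sorted so High comes first."""
    scored = []
    for alert in alerts:
        if isinstance(alert, DomainAlert):
            scored.append((prioritize_domain(alert), alert))
        elif isinstance(alert, CredentialAlert):
            scored.append((prioritize_credentials(alert), alert))
        else:
            raise TypeError(f"unsupported alert type: {type(alert).__name__}")
    return sorted(scored, key=lambda pair: _RANK[pair[0]])


# Constructed sample batch (all values are made up for the demonstration).
SAMPLE_ALERTS = [
    DomainAlert("examp1e-bank.test"),                                  # parked, no MX
    DomainAlert("examp1e-bank-login.test", has_mx=True, has_tls_cert=True,
                parked_or_empty=False),                                # mail-capable
    DomainAlert("examp1e-bank-secure.test", hosts_phishing=True),      # confirmed phishing
    DomainAlert("example-bakery.test", has_mx=True,
                unrelated_legit_business=True),                        # unrelated business
    CredentialAlert("j.doe@example.test", is_employee=True),           # weak password
    CredentialAlert("a.roe@example.test", is_employee=True,
                    password_complex=True, internal_host_indicators=True),
    CredentialAlert("customer@client.test", is_employee=False),
]

if __name__ == "__main__":
    for priority, alert in triage(SAMPLE_ALERTS):
        label = getattr(alert, "domain", None) or alert.account
        print(f"{priority.value:6}  {label}")
```

Running the module prints the constructed batch with the confirmed phishing domain and the internal-compromise credential at the top, the parked domain, the unrelated bakery and the weak-password credential at the bottom. The functions return `Priority` values rather than printing, so the same logic can feed a ticket field or a queue without changes.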