Hi,
My SIEM received this cisco ftd alert :
Event Name: FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt
Event Description: FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt
Category: ActiveX Exploit
This communication is intercepted by FTD between our gateway and email server.
In the event payload, i d'ont see informations about the user from/destination email.
I woud like to know if it is a false positive.
Thank you in advance for yours answers