Reading Cyble’s write-up of the threat detected by signature 2039775, it sounds as though the traffic being matched is generated by malware once it’s running on an endpoint. As such, shouldn’t it be of “Critical” severity instead of “Major”?
Hey @samjenk - You’re definitely right on this one. I’ve updated the severity and the changes will be reflected in today’s release. It’s always great to hear that community members find the metadata and references useful!
Couldn’t do my job without them!
Thanks for getting that updated, @ishaughnessy.