Alert Name: SOC138 – Detected Suspicious Xls File
Severity: High
Event ID: 77
Event Time: Mar 13, 2021, 08:20 PM
Category: Malware

Play Book

1. Alert Overview

A high-risk malware alert was triggered due to the detection of a suspicious Excel macro-enabled file (.xlsm) on the host Sofia. Macro-enabled Excel documents are commonly abused to deliver malware via embedded VBA code that downloads and executes malicious payloads. The file was allowed by the security device, increasing the potential risk of system compromise.
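
A static triage check for the kind of file this alert describes, as an added example that is not part of the original write-up: it reads an OOXML workbook as a ZIP archive and reports whether it carries a VBA project, without opening it in Excel. The function names, the sample file names and the constructed sample archives are assumptions made for illustration.

```python
import io
import zipfile

# Content types that mark a macro-enabled workbook or a VBA project part.
MACRO_TYPES = (b"application/vnd.ms-excel.sheet.macroEnabled.main+xml",
               b"application/vnd.ms-office.vbaProject")
MACRO_EXTENSIONS = (".xlsm", ".xltm", ".xlam")
MAX_TYPES_BYTES = 1 << 20  # cap the read so a crafted archive cannot exhaust memory


def triage_workbook(name, data):
    """Static findings for a workbook; the file is never opened in Excel."""
    result = {"ooxml": False, "vba_parts": [], "macro_content_type": False,
              "extension_mismatch": False, "verdict": "not an OOXML workbook"}
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return result  # e.g. legacy OLE2 .xls, which needs different tooling
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result
        result["ooxml"] = True
        with zf.open("[Content_Types].xml") as part:
            types = part.read(MAX_TYPES_BYTES)
        result["vba_parts"] = sorted(
            n for n in names if n.lower().endswith("vbaproject.bin"))
        result["macro_content_type"] = any(t in types for t in MACRO_TYPES)
    has_macros = bool(result["vba_parts"]) or result["macro_content_type"]
    # A macro container behind a non-macro extension is a stronger signal.
    result["extension_mismatch"] = (
        has_macros and not name.lower().endswith(MACRO_EXTENSIONS))
    result["verdict"] = "macro-enabled" if has_macros else "no VBA container"
    return result


def build_sample(with_macros):
    """Constructed archive holding only the parts the triage reads."""
    main = MACRO_TYPES[0] if with_macros else (
        b"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    b'<Types><Override PartName="/xl/workbook.xml" ContentType="'
                    + main + b'"/></Types>')
        zf.writestr("xl/workbook.xml", b"<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder, not VBA")
    return out.getvalue()


if __name__ == "__main__":
    print(triage_workbook("sample.xlsm", build_sample(True)))
    print(triage_workbook("sample.xlsx", build_sample(False)))
```

A "macro-enabled" verdict only confirms that a VBA container is present; deciding whether the macro is malicious still requires extracting and reviewing the code in an isolated analysis environment.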