Email Forwarding Configuration with SAP download

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query detects external email forwarding with SAP download for sensitive financial transactions. Such activity by attackers may lead to financial gain, IP theft, or operational disruption.

Attribute	Value
Type	Hunting Query
Solution	Business Email Compromise - Financial Fraud
ID	0576750e-6b61-4545-845f-f5b8f29a0cc4
Tactics	InitialAccess, Collection, Exfiltration
Techniques	T1078, T1114, T1020
Required Connectors	SAP, MicrosoftThreatProtection, Office365
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
EmailEvents	✓	✗	?
OfficeActivity	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Business Email Compromise - Financial Fraud