Possible partner impersonation in external Team messages

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query can be used as a Custom Detection Rule (CDR) to trigger when a partner email domain or email address is used in a Sender display name part of an inbound external Teams message

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	39cf1ec6-d460-4760-8a87-7d10577f6205
Tactics	DefenseEvasion
Techniques	T1562
Required Connectors	MicrosoftThreatProtection
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
MessageEvents	?	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries