Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Identify emails that were send from an address external to your company and where email was send to more then 50 distinct corporate users. Update corporatedomain.com to your corporate domain to have it excluded. Update 50 if you want to adjust the distinct user count.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 50835f49-7e5b-4852-a05a-f5aab2f40dd1 |
| Tactics | Initial access |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Initial%20access/identify-potential-missed-phishing-email-campaigns.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊