Top domains outbound sending Malicious Teams messages inbound

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query looking for potential partner compromise via comparing outbound Teams message traffic per target domain and looking for malicious Teams messages from the same domains as inbound.

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	af2b5dbd-4b66-47b4-9936-abfecb246ba1
Tactics	InitialAccess
Techniques	T1566
Required Connectors	MicrosoftThreatProtection
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Email%20and%20Collaboration%20Queries/Microsoft%20Teams%20protection/Top%20domains%20outbound%20sending%20Malicious%20Teams%20messages%20inbound.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries