User Email Submissions (FN) - Top Detection Overrides by Admins

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query visualises emails submitted as false negatives by users where emails were already detected by MDO but there was an admin definded policy override

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	a52e4273-cf3c-4125-b03d-41b99f64197f
Tactics	InitialAccess
Techniques	T1566
Required Connectors	MicrosoftThreatProtection
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
CloudAppEvents	ActionType == "UserSubmission"	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries