User Email Submissions (FN) - Top Detection Overrides by Admins

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query visualises emails submitted as false negatives by users where emails were already detected by MDO but there was an admin definded policy override

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	a52e4273-cf3c-4125-b03d-41b99f64197f
Tactics	InitialAccess
Techniques	T1566
Required Connectors	MicrosoftThreatProtection
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Email%20and%20Collaboration%20Queries/Submissions/User%20Submissions%20-%20Top%20detection%20overrides%20by%20Admins.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries