Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Adversaries often abuse email-forwarding rules to monitor victim activities, steal information, and gain intelligence on the victim or their organization. This query highlights cases where user mail is being forwarded, including to external domains.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft 365 |
| ID | d49fc965-aef3-49f6-89ad-10cc4697eb5b |
| Tactics | Collection, Exfiltration |
| Techniques | T1114, T1020 |
| Required Connectors | Office365 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
OfficeActivity |
OfficeWorkload == "Exchange" |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊