Threat Essentials - Mail redirect via ExO transport rule

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies when Exchange Online transport rule configured to forward emails. This could be an adversary mailbox configured to collect mail from multiple user accounts.

Attribute	Value
Type	Analytic Rule
Solution	SecurityThreatEssentialSolution
ID	d7c575b2-84f5-48cb-92c5-70d7e8246284
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Collection, Exfiltration
Techniques	T1114, T1020
Required Connectors	Office365
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
OfficeActivity	OfficeWorkload == "Exchange"	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to SecurityThreatEssentialSolution