Office 365
Microsoft Office 365 cloud productivity suite including Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. Logs are captured via the Office 365 Management Activity API.
Exchange
📮 Inbox Rule Created with External Forwarding
New-InboxRule - User-level Email Forwarding
Captures New-InboxRule operations where users create inbox rules to automatically forward emails to external addresses. This is a common technique for data exfiltration and persistence, because user-level rules bypass administrator-level mailbox forwarding controls and can be harder to detect.
📤 Mailbox External Forwarding Configuration
Set-Mailbox with ForwardingSmtpAddress - Data Exfiltration Risk
Captures Set-Mailbox operations that configure ForwardingSmtpAddress, enabling automatic forwarding of emails to external addresses. This is a critical security event as it's commonly used for data exfiltration and persistence.
🔑 Mailbox Permission Delegation
Add-MailboxPermission - Persistent Mailbox Access
Captures Add-MailboxPermission operations that grant mailbox access rights to other users. FullAccess permissions are particularly concerning as they provide complete mailbox access, survive password resets, and can enable long-term persistence for attackers.