Gsuite Outbound Email With Attachment To External Domain

Description

This search detects suspicious outbound email sent from an internal email address to an external email domain. It can be a good hunting query for monitoring insider activity or outbound email traffic to uncommon email domains. The idea is to parse the domain of the destination email address and check whether there is minimal outbound traffic (< 20) with an attachment.

Help

To successfully implement this search, you need to be ingesting Gsuite logs that carry file attachment metadata such as file type, file extension, source email, destination email, number of attachments, etc.
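The logic described above, as an added Python example; it is not the search this page refers to. The event field names (`src`, `dest`, `num_attachments`, `extensions`), the internal domain and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from email.utils import parseaddr

def split_address(raw):
    """Return (address, domain) in lower case, or (None, None) if malformed."""
    addr = parseaddr(raw or "")[1].lower()
    local, at, domain = addr.rpartition("@")
    return (addr, domain.rstrip(".")) if at and local and domain else (None, None)

def is_internal(domain, internal_domains):
    # Subdomains of an internal domain count as internal too.
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def rare_external_domains(events, internal_domains, threshold=20):
    """Count internal-to-external mails carrying attachments per destination
    domain and return the domains seen fewer than `threshold` times."""
    stats = defaultdict(lambda: {"count": 0, "senders": set(), "extensions": set()})
    for event in events:
        sender, src_dom = split_address(event.get("src"))
        _, dst_dom = split_address(event.get("dest"))
        if not src_dom or not dst_dom:
            continue  # malformed or missing address
        if int(event.get("num_attachments") or 0) < 1:
            continue  # no attachment
        if not is_internal(src_dom, internal_domains) or is_internal(dst_dom, internal_domains):
            continue  # keep only internal -> external
        entry = stats[dst_dom]
        entry["count"] += 1
        entry["senders"].add(sender)
        entry["extensions"].update(e.lower() for e in event.get("extensions", []))
    return {dom: s for dom, s in stats.items() if s["count"] < threshold}

# Constructed sample events (not real log data); field names are assumed.
INTERNAL = {"corp.example"}
def make_event(src, dest, n, *ext):
    return {"src": src, "dest": dest, "num_attachments": n, "extensions": list(ext)}
EVENTS = (
    [make_event("alice@corp.example", "bob@partner.example", 1, "pdf")] * 25  # common domain
    + [make_event("carol@corp.example", "Drop <in@files.rare.example>", 2, "zip", "7z"),
       make_event("carol@corp.example", "in@FILES.rare.example", 1, "ZIP"),  # same domain
       make_event("dave@corp.example", "erin@hq.corp.example", 1, "docx"),   # internal
       make_event("alice@corp.example", "x@other.example", 0),               # no attachment
       make_event("y@other.example", "alice@corp.example", 1, "pdf"),        # inbound
       make_event("alice@corp.example", "not-an-address", 1, "pdf")]         # malformed
)

if __name__ == "__main__":
    for dom, s in rare_external_domains(EVENTS, INTERNAL).items():
        print(dom, s["count"], sorted(s["senders"]), sorted(s["extensions"]))
```

Domains that regularly receive attachments fall at or above the threshold and drop out, which leaves the uncommon destinations with their senders and file extensions for review.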
