O365 Suspicious User Email Forwarding

Description

This search detects when multiple users configure a forwarding rule to the same destination.

Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

This search detects when multiple users configure a forwarding rule to the same destination.

SPL Difficulty

None

Journey

Stage 1

MITRE ATT&CK Tactics

Collection

MITRE ATT&CK Techniques

Email Collection

Email Forwarding Rule

Data Sources

Email
