Tag
medium
advisory
M365 Exchange Inbox Forwarding Rule Created
2 rules 1 TTPThis rule detects the creation of new inbox forwarding rules in Microsoft 365, which can be abused by attackers to intercept and exfiltrate email data to external addresses.
Microsoft 365
cloud
saas
email
microsoft_365
configuration_audit
email_collection
2r
1t
medium
advisory
Suspicious Inter-Process Communication via Outlook COM
2 rules 2 TTPsAdversaries may target user email to collect sensitive information or send email on their behalf via API by abusing Outlook's Component Object Model (COM) interface from unusual processes.
Outlook
email_collection
com_abuse
windows
2r
2t