Tag
medium
advisory
M365 Exchange Inbox Forwarding Rule Created
2 rules 1 TTPThis rule detects the creation of new inbox forwarding rules in Microsoft 365, which can be abused by attackers to intercept and exfiltrate email data to external addresses.
Microsoft 365
cloud
saas
email
microsoft_365
configuration_audit
email_collection
2r
1t
high
advisory
M365 or Entra ID Identity Sign-in from a Suspicious Source
2 rules 1 TTPThis rule correlates Entra-ID or Microsoft 365 mail successful sign-in events with network security alerts by source address, indicating potential initial access by adversaries triggering network security alerts before accessing cloud resources.
Microsoft 365 +1
cloud
saas
azure
entra_id
microsoft_365
initial_access
2r
1t