
SCC_Threat_Intelligence_Mail_Data

ID: 100423

Description:

Security Compliance Center

Repository:

Group: Office365ES

Type: event

Default Status:

Enabled

Tags:    
SCC SecurityComplianceCenter O365
     

Selector:

Query:

Filters:

| Field | MUST hit |
| :--- | :--- |
| event.provider | Audit.General |
| o365.audit.Workload | ThreatIntelligence |
| o365.audit.RecordType | 28 |

| Field | MUST NOT hit |
| :--- | :--- |
   

Behavior Rule:

Key Type Behavior Category
o365.audit.P1Sender username application activity

Risks:

Risks Base Score Dimension
     

Attributes:

| Alias | Key |
| :--- | :--- |
| Operation | o365.audit.Operation |
| RecordType | o365.audit.RecordType |
| UserType | o365.audit.UserType |
| ThreatDetectionMethod | o365.audit.DetectionMethod |
| ThreatP1Sender | o365.audit.P1Sender |
| ThreatP2Sender | o365.audit.P2Sender |
| ThreatPolicyIndicator | o365.audit.Policy |
| ThreatPolicyAction | o365.audit.PolicyAction |
| ThreatSubjectLine | o365.audit.Subject |
| ThreatVerdict | o365.audit.Verdict |
| IP | o365.audit.SenderIP |

Correlation Rules:

History:

| User | Date |
| :--- | :--- |
| — | — |

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)