T1098.002
| Title | Tags |
| --- | --- |
| fullaccess mailbox delegation may be assigned for legitimate purposes, filter as needed. | t1098, T1098.002, o365 tenant, splunk |
| mailbox folder permissions may be configured for legitimate purposes, filter as needed. | t1098, T1098.002, o365 tenant, splunk |
| the full_access_as_app api permission may be assigned to legitimate applications. filter as needed. | T1098.002, t1098.003, o365 tenant, azure active directory, splunk |
| while infrequent, the applicationimpersonation role may be granted for legitimate reasons, filter as needed. | t1098, T1098.002, o365 tenant, splunk |
| while there are legitimate scenarios for these permissions, such as an executive assistant needing access to an executive's mailbox, there are also malicious scenarios. investigate and filter as needed. | t1098, T1098.002, t1114, T1114.002, o365 tenant, splunk |