LoFP
/
t1114
t1114
Title
Tags
administrators may create custom email routes in google workspace based on organizational policies, administrative preference or for security purposes regarding spam.
t1114
google_workspace
elastic
exporting a pst can be done for legitimate purposes by legitimate sources, but due to the sensitive nature of pst content, it must be monitored.
t1114
m365
sigma
forwarding mail flow rules may be created for legitimate reasons, filter as needed.
t1114
o365 tenant
splunk
go utilities that use staaldraad awesome ntlm library
t1059
t1087
t1114
t1550
t1550.002
windows
sigma
legitimate exchange system administration activity.
t1005
t1059
t1098
t1114
windows
elastic
pst export can be done for legitimate purposes but due to the sensitive nature of its content it must be monitored.
t1114
o365 tenant
splunk
users and administrators can create inbox rules for legitimate purposes. verify if it complies with the company policy and done with the user's consent. exceptions can be added to this rule to filter expected behavior.
t1114
o365
elastic
LoFP
/
t1114