Techniques
Sample rules
Suspicious Inbox Forwarding Identity Protection
- source: sigma
- techniques:
  - t1140
Description
Indicates suspicious rules, such as an inbox rule that forwards a copy of all emails to an external address.
Detection logic
condition: selection
selection:
  riskEventType: suspiciousInboxForwarding