PST Export Alert Using eDiscovery Alert (18b88d08-d73e-4f21-bc25-4b9892a4fdd0)
Alert on when a user has performed an eDiscovery search or exported a PST file from the search. This PST file usually has sensitive information including email body content
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| PST Export Alert Using eDiscovery Alert (18b88d08-d73e-4f21-bc25-4b9892a4fdd0) | Sigma-Rules | Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) | Attack Pattern | 1 |