Suspicious Inbox Forwarding Identity Protection (27e4f1d6-ae72-4ea0-8a67-77a73a289c3d)

Indicates suspicious rules such as an inbox rule that forwards a copy of all emails to an external address

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	Suspicious Inbox Forwarding Identity Protection (27e4f1d6-ae72-4ea0-8a67-77a73a289c3d)	Sigma-Rules	1
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	2