Outlook EnableUnsafeClientMailRules Setting Enabled (55f0a3a1-846e-40eb-8273-677371b8d912)

Detects an attacker trying to enable the outlook security setting "EnableUnsafeClientMailRules" which allows outlook to run applications or execute macros

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Outlook EnableUnsafeClientMailRules Setting Enabled (55f0a3a1-846e-40eb-8273-677371b8d912)	Sigma-Rules	1
Outlook EnableUnsafeClientMailRules Setting Enabled (55f0a3a1-846e-40eb-8273-677371b8d912)	Sigma-Rules	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	1