Suspicious Inbox Forwarding (6c220477-0b5b-4b25-bb90-66183b4089e8)
Detects when a Microsoft Cloud App Security reported suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) | Attack Pattern | Suspicious Inbox Forwarding (6c220477-0b5b-4b25-bb90-66183b4089e8) | Sigma-Rules | 1 |