Office Application Initiated Network Connection To Non-Local IP (75e33ce3-ae32-4dcc-9aa8-a2a3029d6f84)
Detects an office application (Word, Excel, PowerPoint) that initiate a network connection to a non-private IP addresses. This rule aims to detect traffic similar to one seen exploited in CVE-2021-42292. This rule will require an initial baseline and tuning that is specific to your organization.