Product: ADAuditPlus
Use-Case: Data Leak
Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
---|---|---|---|---|
3 | 0 | 2 | 1 | 1 |
Event Type | Rules | Models |
---|---|---|
app-activity | T1114 - Email Collection ↳ EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email ↳ EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain ↳ EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords T1114.003 - Email Collection: Email Forwarding Rule ↳ EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email ↳ EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain ↳ EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords |