open-menu
closeme
Attempts to Brute Force a Microsoft 365 User Account
calendar
Oct 10, 2024
·
Domain: Cloud
Domain: SaaS
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Portal Login from Rare Location
calendar
Sep 28, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Threat Detection
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Portal Logins from Impossible Travel Locations
calendar
Sep 28, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Threat Detection
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Deprecated - Potential Password Spraying of Microsoft 365 User Accounts
calendar
Sep 10, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Impossible travel activity
calendar
Sep 5, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft 365 Mail Access by ClientAppId
calendar
Jul 5, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
New or Modified Federation Domain
calendar
Jun 4, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Anti-Phish Policy Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Anti-Phish Rule Modification
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange DKIM Signing Configuration Disabled
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange DLP Policy Removed
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Malware Filter Policy Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Malware Filter Rule Modification
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Management Group Role Assignment
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Safe Attachment Rule Disabled
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Safe Link Policy Disabled
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Transport Rule Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Exchange Transport Rule Modification
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Global Administrator Role Assigned
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Inbox Forwarding Rule Created
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Potential ransomware activity
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Teams Custom Application Interaction Allowed
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Teams External Access Enabled
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Teams Guest Access Enabled
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Unusual Volume of File Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 User Restricted from Sending Email
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
O365 Email Reported by User as Malware or Phish
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
O365 Excessive Single Sign-On Logon Errors
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
O365 Exchange Suspicious Mailbox Right Delegation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
O365 Mailbox Audit Logging Bypass
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Tactic: Initial Access
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
OneDrive Malware File Upload
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Tactic: Lateral Movement
·
Share on:
twitter
facebook
linkedin
copy
SharePoint Malware File Upload
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Tactic: Lateral Movement
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Mass download by a single user
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
to-top