Microsoft 365: Creation of External Forwarding/Redirect Rule in Exchange
The user {user} has created a new inbox rule named {name} in their Microsoft 365 account that forwards or redirects mail to {recipients}. Compromised accounts are often used to create inbox rules that lengthen the time before the compromise is detected. These rules sometimes remove email from sent folders or delete all incoming messages to the victim's mailbox. <br><br> <b>Affected User:</b> {'[]':user:5:'(user undefined in log data)'}<br> <b>User Type:</b> {'[]':account_type:5:'(account_type undefined in log data)'}<br> <b>Client IP:</b> {'[]':client_ip:5:'(client_ip undefined in log data)'}<br> <b>Mail Rule Name:</b> {'[]':name:5:'(name undefined in log data)'}<br> <b>Forwarded/Redirected To:</b> {'[]':recipients:5:'(recipients undefined in log data)'}<br>
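One way to express the check behind this alert, as an added example that is not the vendor's own detection logic: it scans Microsoft 365 audit records for `New-InboxRule` / `Set-InboxRule` operations whose forwarding or redirect parameters name an address outside the tenant, and notes whether the rule also deletes mail. The function names, the sample records, the tenant domain `contoso.example` and the `;`-separated recipient format are assumptions made for the example.

```python
# Exchange Online cmdlets and parameters that make an inbox rule send mail elsewhere.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}

def external_recipients(value, internal_domains):
    """Addresses in a ';'-separated parameter value whose domain is not internal."""
    found = []
    for addr in value.split(";"):
        addr = addr.strip().lower().removeprefix("smtp:")
        if "@" in addr and addr.rpartition("@")[2] not in internal_domains:
            found.append(addr)
    return found

def detect_external_forwarding(records, internal_domains):
    """Return one finding per rule change that forwards or redirects externally."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        recipients = []
        for name in FORWARD_PARAMS.intersection(params):
            recipients += external_recipients(params[name], internal_domains)
        if recipients:
            findings.append({
                "user": rec.get("UserId", "(user undefined in log data)"),
                "client_ip": rec.get("ClientIP", "(client_ip undefined in log data)"),
                "name": params.get("Name", "(name undefined in log data)"),
                "recipients": sorted(recipients),
                "deletes_mail": params.get("DeleteMessage") == "True",
            })
    return findings

# Constructed sample records (not real log data), shaped like audit log entries.
INTERNAL_DOMAINS = {"contoso.example"}  # assumed tenant domain
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "alice@contoso.example",
     "ClientIP": "203.0.113.7:51234", "Parameters": [
         {"Name": "Name", "Value": "."},
         {"Name": "ForwardTo", "Value": "archive@example.net"},
         {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@contoso.example", "Parameters": [
        {"Name": "Name", "Value": "To assistant"},
        {"Name": "ForwardTo", "Value": "bob.assistant@contoso.example"}]},
    {"Operation": "Set-InboxRule", "UserId": "carol@contoso.example", "Parameters": [
        {"Name": "Identity", "Value": "carol\\1234"},
        {"Name": "RedirectTo",
         "Value": "smtp:Helpdesk@Contoso.example;intake@example.org"}]},
    {"Operation": "MailItemsAccessed", "UserId": "dave@contoso.example"},
]
```

Rules that forward only to internal addresses are not reported, and a record missing a field falls back to the same "undefined in log data" text the alert template uses.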