Test Detection for Microsoft 365 – Inbox Forwarding Rule
Microsoft 365 Inbox Forwarding Rule
The creation of an Microsoft 365 inbox rule is often a technique used to exfiltrate email that is often used for recon purposes in a staged attack. By monitoring for new inbox rule creation, you can have immediate awareness of what could be a malicious activity.How to Test Office365 Inbox Forwarding Rule
Prerequisites:- Office 365 module is configured and properly logging to Blumira
- Sign in to office365 email account in Outlook
- Navigate to Settings > View all Outlook settings
- Mail > Forwarding > Enable forwarding > add forwarding email address > Click Save
- Within minutes, a finding (alert) appears within the Blumira responder dashboard
Additional Security Resources
View All Posts![](https://4554405.fs1.hubspotusercontent-na1.net/hub/4554405/hubfs/Azure%20Threats-2.png?length=360&name=Azure%20Threats-2.png)
Product Updates
6 min read
| July 22, 2024
Detect and Respond to Azure Threats With Blumira: Easy Cloud SIEM Setup
Read More![](https://4554405.fs1.hubspotusercontent-na1.net/hub/4554405/hubfs/Imported_Blog_Media/Ransomware-Microsoft.png?length=360&name=Ransomware-Microsoft.png)
Security Trends and Info
5 min read
| April 26, 2024
Detecting and Preventing Ransomware Attacks in Microsoft Environments
Read More![](https://4554405.fs1.hubspotusercontent-na1.net/hub/4554405/hubfs/Imported_Blog_Media/mimikatz_logon.png?length=360&name=mimikatz_logon.png)
Security Alerts
8 min read
| April 19, 2024