Skip to content
Get A Demo
Sign Up Free

    Test Detection for Microsoft 365 – Inbox Forwarding Rule

    Microsoft 365 Inbox Forwarding Rule

    The creation of an Microsoft 365 inbox rule is often a technique used to exfiltrate email that is often used for recon purposes in a staged attack. By monitoring for new inbox rule creation, you can have immediate awareness of what could be a malicious activity.

    How to Test Office365 Inbox Forwarding Rule

    • Office 365 module is configured and properly logging to Blumira
    Testing Steps:
    1. Sign in to office365 email account in Outlook
    2. Navigate to Settings > View all Outlook settings
    3. Mail > Forwarding > Enable forwarding > add forwarding email address > Click Save
    4. Within minutes, a finding (alert) appears within the Blumira responder dashboard

    Get Started for Free

    Experience the Blumira Free SIEM, with automated detection and response plus compliance reports for 3 cloud connectors, forever.

    Sign up