Vectra AI Japan、ITR発行の最新レポート内「NDR市場」にて国内トップシェアを獲得

詳細を見る

Research & Insights

Expert insights from Vectra AI data scientists, product engineers and security researchers empower your SOC analysts to make faster, smarter decisions.

Up-level your SOC with insights from security experts at Vectra AI, based on real-world experiences defending hybrid enterprise environments.

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Resources

Breaking news and expert insights

Blue Team Workshops, on-demand webinars and global events near you

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

Research reports, attack anatomies, white papers, guides, datasheets and customer stories

Demo Videos & Tours

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Company

See why we’re the world leader in AI security

Request an intro with a Vectra AI security expert

Deployment guides, knowledge base, release notes and security announcements

Join the team behind the world’s first AI-based cybersecurity platform

Breaking news from Vectra AI

Expert insight from security researchers, data scientists and engineers

Now Playing: 2024 State of Threat Detection and Response

Explore key insights from the 2024 State of Threat Detection and Response report, highlighting defender challenges, AI adoption, and the vendor disconnect.

Back to all detections

M365 Suspicious Mailbox Rule Creation

M365 Suspicious Mailbox Rule Creation

Possible Root Causes

Example Scenarios

Business Impact

Steps to Investigate

MITRE ATT&CK Techniques

Related Detections

Detection overview

Triggers

An account was observed creating suspicious mailbox rules in Exchange that allow an attacker to manipulate, hide, or delete incoming emails.

Possible Root Causes

An attacker with control of an account created mailbox rules that hide or manipulate emails to either evade notice by the mailbox owner or impact business processes.
A user created a benign but broad or abnormal inbox rule as part of normal business email management.

Business Impact

Instances of malicious mailbox rules may indicate an adversary has control of an internal mailbox and can access the users email data and send emails internally and externally on behalf of the user.
A successful attack can result in immediate data theft or reputation loss from the compromised account.
A successful attack can result in additional business impact through targeted phishing from the internal account, as they are often trusted and subsequent to less strict security controls relative to external accounts.

Steps to Verify

Investigate the account that performed the action for other indications of malicious activity
If review indicates possible malicious actions, revert configuration and disable credentials associated with this alert, then perform a comprehensive investigation.

M365 Suspicious Mailbox Rule Creation

Possible root causes

Malicious Detection

Benign Detection

M365 Suspicious Mailbox Rule Creation

Example scenarios

M365 Suspicious Mailbox Rule Creation

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

M365 Suspicious Mailbox Rule Creation

Steps to investigate

M365 Suspicious Mailbox Rule Creation

MITRE ATT&CK techniques covered

Hide Artifacts

M365 Suspicious Mailbox Rule Creation

Related detections

No items found.

FAQs