| Compromised Credentials | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-login ↳exchange-app-login-1 ↳exchange-app-login
failed-app-login ↳exchange-failed-app-login
| T1078 - Valid Accounts; T1133 - External Remote Services; T1190 - Exploit Public-Facing Application
| |
| Data Access | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-login ↳exchange-app-login-1 ↳exchange-app-login
failed-app-login ↳exchange-failed-app-login
| T1078 - Valid Accounts
| |
| Data Leak | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
dlp-alert ↳exchange-dlp-alert ↳exchange-dlp-alert-1
dlp-email-alert-out ↳json-exchange-dlp-email-out ↳q-exchange-dlp-email-out-3 ↳cef-dlp-email-out ↳q-exchange-dlp-email-out-4 ↳q-exchange-dlp-email-out-5 ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-out-1 ↳exchange-dlp-email-internal ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-out-sd ↳json-exchange-email
dlp-email-alert-out-failed ↳json-exchange-dlp-email-out ↳cef-dlp-email-out ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳q-exchange-dlp-email-out-2 ↳exchange-dlp-email-out-failed ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-alert-3
| T1020 - Automated Exfiltration; T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol; T1071 - Application Layer Protocol; T1114.003 - Email Collection: Email Forwarding Rule; TA0010 - TA0010
| |
| Lateral Movement | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-activity-failed ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-login ↳exchange-app-login-1 ↳exchange-app-login
failed-app-login ↳exchange-failed-app-login
| T1078 - Valid Accounts; T1090.003 - Proxy: Multi-hop Proxy
| |
| Malware | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-login ↳exchange-app-login-1 ↳exchange-app-login
dlp-alert ↳exchange-dlp-alert ↳exchange-dlp-alert-1
dlp-email-alert-in ↳exchange-dlp-email-internal ↳exchange-dlp-email-in-1 ↳exchange-dlp-email-in-2 ↳q-exchange-dlp-email-in-1 ↳cef-dlp-email-in ↳q-exchange-dlp-email-in-2 ↳exchange-dlp-email-in ↳json-exchange-dlp-email-in ↳q-exchange-dlp-email-in-5 ↳q-exchange-dlp-email-in ↳q-exchange-dlp-email-in-4 ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-in-sd ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳json-exchange-email
dlp-email-alert-out ↳json-exchange-dlp-email-out ↳q-exchange-dlp-email-out-3 ↳cef-dlp-email-out ↳q-exchange-dlp-email-out-4 ↳q-exchange-dlp-email-out-5 ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-out-1 ↳exchange-dlp-email-internal ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-out-sd ↳json-exchange-email
| T1078 - Valid Accounts; T1190 - Exploit Public-Facing Application; TA0002 - TA0002
| |
| Phishing | dlp-email-alert-out ↳json-exchange-dlp-email-out ↳q-exchange-dlp-email-out-3 ↳cef-dlp-email-out ↳q-exchange-dlp-email-out-4 ↳q-exchange-dlp-email-out-5 ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-out-1 ↳exchange-dlp-email-internal ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-out-sd ↳json-exchange-email
| T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
| |
| Privilege Abuse | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-activity-failed ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-login ↳exchange-app-login-1 ↳exchange-app-login
dlp-email-alert-in ↳exchange-dlp-email-internal ↳exchange-dlp-email-in-1 ↳exchange-dlp-email-in-2 ↳q-exchange-dlp-email-in-1 ↳cef-dlp-email-in ↳q-exchange-dlp-email-in-2 ↳exchange-dlp-email-in ↳json-exchange-dlp-email-in ↳q-exchange-dlp-email-in-5 ↳q-exchange-dlp-email-in ↳q-exchange-dlp-email-in-4 ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-in-sd ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳json-exchange-email
dlp-email-alert-in-failed ↳cef-dlp-email-in ↳q-exchange-dlp-email-in-3 ↳exchange-dlp-email-in ↳json-exchange-dlp-email-in ↳q-exchange-dlp-email-in ↳exchange-dlp-email-in-failed ↳q-exchange-dlp-email-in-1 ↳exchange-dlp-email-alert-3
dlp-email-alert-out ↳json-exchange-dlp-email-out ↳q-exchange-dlp-email-out-3 ↳cef-dlp-email-out ↳q-exchange-dlp-email-out-4 ↳q-exchange-dlp-email-out-5 ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-out-1 ↳exchange-dlp-email-internal ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-out-sd ↳json-exchange-email
dlp-email-alert-out-failed ↳json-exchange-dlp-email-out ↳cef-dlp-email-out ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳q-exchange-dlp-email-out-2 ↳exchange-dlp-email-out-failed ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-alert-3
failed-app-login ↳exchange-failed-app-login
| T1078 - Valid Accounts; T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Privilege Escalation | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
| T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Privileged Activity | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-activity-failed ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-login ↳exchange-app-login-1 ↳exchange-app-login
dlp-email-alert-in ↳exchange-dlp-email-internal ↳exchange-dlp-email-in-1 ↳exchange-dlp-email-in-2 ↳q-exchange-dlp-email-in-1 ↳cef-dlp-email-in ↳q-exchange-dlp-email-in-2 ↳exchange-dlp-email-in ↳json-exchange-dlp-email-in ↳q-exchange-dlp-email-in-5 ↳q-exchange-dlp-email-in ↳q-exchange-dlp-email-in-4 ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-in-sd ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳json-exchange-email
dlp-email-alert-in-failed ↳cef-dlp-email-in ↳q-exchange-dlp-email-in-3 ↳exchange-dlp-email-in ↳json-exchange-dlp-email-in ↳q-exchange-dlp-email-in ↳exchange-dlp-email-in-failed ↳q-exchange-dlp-email-in-1 ↳exchange-dlp-email-alert-3
dlp-email-alert-out ↳json-exchange-dlp-email-out ↳q-exchange-dlp-email-out-3 ↳cef-dlp-email-out ↳q-exchange-dlp-email-out-4 ↳q-exchange-dlp-email-out-5 ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-out-1 ↳exchange-dlp-email-internal ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-out-sd ↳json-exchange-email
dlp-email-alert-out-failed ↳json-exchange-dlp-email-out ↳cef-dlp-email-out ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳q-exchange-dlp-email-out-2 ↳exchange-dlp-email-out-failed ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-alert-3
failed-app-login ↳exchange-failed-app-login
| T1078 - Valid Accounts
| |
| Ransomware | app-activity ↳s-owa-activity ↳cef-exchange-app-activity ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-activity-failed ↳outlook-exchange-app-activity-8 ↳outlook-exchange-app-activity-9 ↳outlook-exchange-app-activity-10 ↳cef-exchange-app-activity-4 ↳outlook-exchange-app-activity-2 ↳cef-exchange-app-activity-3 ↳outlook-exchange-app-activity-3 ↳cef-exchange-app-activity-2 ↳cef-exchange-app-activity-1 ↳outlook-exchange-app-activity-1 ↳outlook-exchange-app-activity-6 ↳cef-exchange-app-activity-7 ↳outlook-exchange-app-activity-7 ↳cef-exchange-app-activity-6 ↳outlook-exchange-app-activity-4 ↳s-exchange-app-activity ↳cef-exchange-app-activity-5 ↳outlook-exchange-app-activity-5
app-login ↳exchange-app-login-1 ↳exchange-app-login
failed-app-login ↳exchange-failed-app-login
| T1078 - Valid Accounts
| |
| Workforce Protection | dlp-email-alert-out ↳json-exchange-dlp-email-out ↳q-exchange-dlp-email-out-3 ↳cef-dlp-email-out ↳q-exchange-dlp-email-out-4 ↳q-exchange-dlp-email-out-5 ↳exchange-dlp-email-out ↳q-exchange-dlp-email-out ↳exchange-dlp-email-alert-resolved ↳exchange-dlp-email-out-1 ↳exchange-dlp-email-internal ↳exchange-dlp-email-alert-2 ↳exchange-dlp-email-alert-1 ↳q-exchange-dlp-email-out-1 ↳exchange-dlp-email-out-sd ↳json-exchange-email
| T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
| |