Vendor: Microsoft

June 14, 2023 · View on GitHub

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
1	1	1	1	1

Event Type	Rules	Models
dlp-email-alert-out	T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol ↳ EM-OD-A: Abnormal email domain for organization	• EM-OD: Domains per organization