Rules by Product and UseCase
April 15, 2026 · View on GitHub
Vendor: Microsoft
Product: Windows
Use-Case: Data Leak
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 3 | 0 | 2 | 1 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1114 - Email Collection ↳ EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email ↳ EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain ↳ EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords T1114.003 - Email Collection: Email Forwarding Rule ↳ EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email ↳ EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain ↳ EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords |