New detection rules for Office 365 🕵️ 📧
To improve our detection capabilities, we are developing detection rules for new intakes such as Office 365.
We have divided these rules into three main categories:
* Detection of the deactivation of security measures. Attackers have an interest in disabling protections such as Office 365 anti-phishing rules or email attachment scanning rules so that they can then infect your information system.
* Detection of malicious file uploads to Office file sharing services such as OneDrive or SharePoint. Attackers can use these services to move laterally within your networks.
* Detection of suspicious user behaviour, such as downloading or deleting large numbers of files.
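To illustrate the third category, here is an added example (not one of the SEKOIA.IO rules, and not code from this page) that counts file downloads and deletions per user over a sliding window of Office 365 audit records. The threshold, the window and the sample records are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; tune them to the tenant's normal activity.
WINDOW = timedelta(minutes=10)
THRESHOLD = 5
WATCHED = {"FileDownloaded", "FileDeleted"}


def detect_bulk_activity(records, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (user, operation) burst that reaches the threshold."""
    # Each record is a dict carrying the audit fields CreationTime, UserId, Operation.
    recent = defaultdict(deque)   # (user, operation) -> timestamps inside the window
    alerting = set()              # bursts that already raised an alert
    alerts = []
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        if rec["Operation"] not in WATCHED:
            continue
        key = (rec["UserId"], rec["Operation"])
        ts = datetime.fromisoformat(rec["CreationTime"])
        times = recent[key]
        times.append(ts)
        # Drop events that have fallen out of the sliding window.
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            if key not in alerting:   # alert once per burst, not once per event
                alerting.add(key)
                alerts.append({"user": key[0], "operation": key[1],
                               "count": len(times), "first_seen": times[0].isoformat()})
        else:
            alerting.discard(key)
    return alerts


def _rec(minute, second, user, op):
    # Constructed sample record, reduced to the three fields used above.
    return {"CreationTime": f"2024-01-15T09:{minute:02d}:{second:02d}",
            "UserId": user, "Operation": op}

# Constructed sample data: alice downloads 6 files within one minute, bob deletes
# 5 files spread over 40 minutes (too slow to alert), carol only opens a file.
SAMPLE = ([_rec(0, s * 10, "alice@example.com", "FileDownloaded") for s in range(6)]
          + [_rec(m * 10, 0, "bob@example.com", "FileDeleted") for m in range(5)]
          + [_rec(5, 0, "carol@example.com", "FileAccessed")])

if __name__ == "__main__":
    for alert in detect_bulk_activity(SAMPLE):
        print(alert)
```
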
Other detection rules can be found on SEKOIA.IO XDR, in the [rules catalog page](https://app.sekoia.io/operations/rules-catalog). Those that have been updated recently appear at the top of the list.