New detection rules for Office 365 🕵️ 📧

In order to improve our detection capacity, we are developing detection rules for new intakes such as Office 365.
We have divided these rules into three main categories:

  • Detection of the deactivation of safety measures. Attackers have an interest in disabling options such as Office 365 anti-phishing rules or email attachment scanning rules before attempting to infect your information system.
  • Detection of a malicious file upload to Office file sharing services such as OneDrive or SharePoint. Attackers can use these services to move laterally within your networks.
  • Detection of suspicious user behaviour such as downloading large numbers of files or deleting large numbers of files.
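As an added illustration of the first and third categories (example code, not SEKOIA.IO's own rule logic), a minimal Python detector over constructed Office 365 audit-log records: it flags an operation that disables a mail-protection rule, and a user who deletes or downloads at least a threshold number of files within a sliding time window. Field names follow the Office 365 Management Activity API common schema; the Exchange cmdlet names in the first set are assumptions to validate against your own logs.

```python
"""Toy detection logic for two of the Office 365 rule categories above."""
from collections import defaultdict
from datetime import datetime, timedelta

# Exchange Online admin-audit operations that weaken mail protection
# (cmdlet names assumed from the Exchange Online PowerShell module).
PROTECTION_DISABLING_OPS = {
    "Disable-AntiPhishRule", "Remove-AntiPhishPolicy",
    "Disable-MalwareFilterRule", "Remove-MalwareFilterPolicy",
}
# SharePoint/OneDrive file operations used by the mass-activity rule.
BULK_FILE_OPS = {"FileDownloaded", "FileDeleted"}

def _ts(rec):
    return datetime.strptime(rec["CreationTime"], "%Y-%m-%dT%H:%M:%S")

def detect(records, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (rule, user, detail) tuples.

    Rule 1: any record whose Operation disables a safety measure.
    Rule 2: a user performing >= threshold downloads or deletions
            within a sliding time window (mass download / mass wipe).
    """
    alerts, per_user_op = [], defaultdict(list)
    for rec in sorted(records, key=_ts):
        op, user = rec["Operation"], rec["UserId"]
        if op in PROTECTION_DISABLING_OPS:
            alerts.append(("security_control_disabled", user, op))
        elif op in BULK_FILE_OPS and rec["Workload"] in ("OneDrive", "SharePoint"):
            times = per_user_op[(user, op)]
            times.append(_ts(rec))
            while times and times[-1] - times[0] > window:  # expire old events
                times.pop(0)
            if len(times) == threshold:  # fire once, when the count is crossed
                alerts.append(("mass_file_activity", user, f"{op} x{threshold}"))
    return alerts

# Constructed sample audit records (not real tenant data).
SAMPLE = [
    {"CreationTime": "2021-03-01T09:00:00", "Workload": "Exchange",
     "Operation": "Disable-AntiPhishRule", "UserId": "admin@example.com"},
] + [
    {"CreationTime": f"2021-03-01T09:0{i}:00", "Workload": "OneDrive",
     "Operation": "FileDeleted", "UserId": "bob@example.com"}
    for i in range(6)
] + [
    {"CreationTime": "2021-03-01T11:00:00", "Workload": "SharePoint",
     "Operation": "FileDownloaded", "UserId": "alice@example.com"},
]
```

Calling `detect(SAMPLE)` yields one alert for the disabled anti-phishing rule and one for bob's six deletions, while alice's single download stays below the threshold.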

[Image: Office 365 rules in the rules catalog]

Other detection rules can be found on SEKOIA.IO XDR, in the rules catalog page. Those that have been updated recently appear at the top of the list.

What do you think about this update?