In order to improve our detection capacity, we are developing detection rules for new intakes such as Office 365. We have divided these rules into three main categories: * Detection of the deactivation of safety measures. Attackers would be interested in disabling options such as Office 365 anti-phishing rules or email attachment scanning rules, and then infect your information system. * Detection of a malicious file upload to Office file sharing services such as OneDrive or Sharepoint. These services can be used by attackers to lateralise into your networks. * Detection of suspicious user behaviour such as downloading large numbers of files or deleting large numbers of files.  Other detection rules can be found on SEKOIA.IO XDR, in the [rules catalog page](https://app.sekoia.io/operations/rules-catalog). Those that have been updated recently appear at the top of the list.