Sentinel basics
Thought I may as well begin to share some Microsoft Sentinel basics I have learnt over the last few months, amongst other studies that I am currently completing.
This article is about analytic rules and creating a basic rule to alert on the creation of malicious mailbox rules within an environment. Attackers use compromised accounts to create mailbox rules, a simple process that gives them quiet, persistent access to the mailbox, which they can use for a whole variety of malicious purposes.