New email hiding rule, fix typo and tags in email forwarding rule (m365 audit logs)

[marcopedrinazzi]

Summary of the Pull Request

I have reopened #5838 due to a limitation of github that did not allow edits from maintainers in cross org commits (https://github.com/orgs/community/discussions/5634)

This pull request adds an email hiding rule using M365 audit logs and adds mitre tags and fixs a typo in the email forwarding rule in O365.

Changelog

new: Mail Hiding Activity in O365 (microsoft365_susp_email_hiding_activity.yml)
fix: Mail Forwarding/Redirecting Activity In O365 (microsoft365_susp_email_forwarding_activity.yml)

Example Log Event

Operation
New-InboxRule

Parameters:

[
    {
        "Name": "MarkAsRead",
        "Value": "True"
    },
    {
        "Name": "DeleteMessage",
        "Value": "True"
    },
    {
        "Name": "MoveToFolder",
        "Value": "<email_placeholder>:\\test"
    },
    {
        "Name": "Name",
        "Value": "marco"
    },
    {
        "Name": "SubjectOrBodyContainsWords",
        "Value": "sigma"
    }
]

Fixed Issues

SigmaHQ Rule Creation Conventions

• If your PR adds new rules, please consider following and applying these conventions