New rule: suspicious emails delivered in Microsoft 365 #5846

Open
marcopedrinazzi wants to merge 4 commits into SigmaHQ:master from marcopedrinazzi:threat-intel-o365


@marcopedrinazzi
Contributor

Summary of the Pull Request

This pull request adds a rule to detect emails classified as suspicious by Microsoft Defender for Office 365 that got delivered.

Changelog

new: Suspicious email delivered in Microsoft 365

Example Log Event

Screenshots from Purview:
[image]

[image]

[image]

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@github-actions (bot) added the "Rules" and "Review Needed" (The PR requires review) labels on Jan 27, 2026