1.2 KiB
1.2 KiB
Phish and Malware received by user vs total amout of email
How much phish and malware emails vs good emails received the user in the given timeframe.
Query
let UserToAnalyze="john.doe@contoso.com";
EmailEvents
| where RecipientEmailAddress==UserToAnalyze
| project RecipientEmailAddress, ThreatTypes
| evaluate pivot(ThreatTypes)
| sort by RecipientEmailAddress asc
Category
This query can be used to detect the following attack techniques and tactics (see MITRE ATT&CK framework) or security configuration states.
| Technique, tactic, or state | Covered? (v=yes) | Notes |
|---|---|---|
| Initial access | x | |
| Execution | ||
| Persistence | ||
| Privilege escalation | ||
| Defense evasion | ||
| Credential Access | ||
| Discovery | ||
| Lateral movement | ||
| Collection | ||
| Command and control | ||
| Exfiltration | ||
| Impact | ||
| Vulnerability | ||
| Misconfiguration | ||
| Malware, component |
Contributor info
Contributor: Pawel Partyka
GitHub alias: pawp81
Organization: Microsoft
Contact info: ppartyka@microsoft.com