office_365_collection_techniques.yml
name: Office 365 Collection Techniques
id: d90f2b80-f675-4717-90af-12fc8c438ae8
version: 1
date: '2024-02-12'
author: Mauricio Velazco, Splunk
status: production
description: Monitor for activities and anomalies indicative of potential collection techniques within Office 365 environments.
narrative: Office 365 (O365) is Microsoft's cloud-based suite of productivity tools, encompassing email, collaboration platforms, and office applications, all integrated with Azure Active Directory for identity and access management. O365's centralized storage of sensitive data and widespread adoption make it a key asset, yet also a prime target for security threats. The 'Office 365 Collection Techniques' analytic story focuses on the strategies and methodologies that attackers might use to gather critical information within the O365 ecosystem. 'Collection' in this context refers to the various techniques adversaries deploy to accumulate data that are essential for advancing their malicious objectives. This could include tactics such as intercepting communications, accessing sensitive documents, or extracting data from collaboration tools and email platforms. By identifying and monitoring these collection activities, organizations can more effectively spot and counteract attempts to illicitly gather information.
references: []
tags:
  category:
  - Adversary Tactics
  - Cloud Security
  product:
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  usecase: Advanced Threat Detection