
CLOUD CONNECTOR
Microsoft Exchange Server
Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft, available both on-premises and in the cloud.
Securonix integrates with the consolidated Microsoft Office 365 Management API to ingest Exchange-relevant alerts and identify threats such as privilege escalation, data exfiltration, account compromise, and unusual account behavior, as well as insider threats.

Event Service/Module | Event Types | Related Threats | Use Cases/Threat Packages | Details |
---|---|---|---|---|
Identity Management | Sign in, user type, client IP address, machine/device/server version | Unusual Login Location, Rare Geolocation | Identity and Access Analytics, Insider Threats | Access and login activity events |
Data Governance | Audit, admin privilege change, mail items accessed, cross mailbox operations, destination folder | Privilege Escalation, Account Compromise, Malware, Phishing | Insider Threats | Storage expiration and data retention |
Messages | Create, send, open, moved, attachments, hard/soft deletion | Phishing, Malicious Attachments, Abnormal Download Counts, DLP | Insider Threats | File and folder management activities |
Folders | Open, moved, deletion, creation | Privilege Escalation | Insider Threats | Folder permission changes |
User Management | User Creation/Update/Editing/Deletion | Privilege Escalation | Insider Threats | User management events |