Microsoft Exchange Server

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft, available both on-premises and in the cloud.

As a consolidated API, Securonix integrates with the Microsoft Office 365 Management API for ingesting Exchange relevant alerts to identify threats such as privilege escalation, data exfiltration, account compromise and unusual account behavior, as well as insider threats.

Event Service/Module Event Types Related Threats Use Cases/Threat Packages Details
Identity Management Sign in, user type, client IP address, machine/device/server version Unusual Login Location, Rare Geolocation Identity and Access Analytics, Insider Threats Access and login activity events
Data Governance Audit, admin privilege change, mail items accessed, cross mailbox operations, destination folder Privilege Escalation, Account Compromise, Malware, Phishing Insider Threats Storage expiration and data retention
Messages Create, send, open, moved, attachments, hard/soft deletion Phishing, Malicious Attachments, Abnormal Download Counts, DLP Insider Threats File and folder management activities
Folders Open, moved, deletion, creation Privilege Escalation Insider Threats Folder permission changes
User Management User Creation/Update/Editing/Deletion Privilege Escalation Insider Threats User management events