Hi All,
I'm creating a dashboard where it will show if 1 email is sent to multiple recipients (spam) - same sender, same subject, multiple recipients. So basically it's a threat detection via email. Is this possible?
Cheers,
Bryan
Perhaps this will get you started.
<your search for email> | stats count(recipient) as recipients by Sender, Subject | where recipients > 3 | ...
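
A variation on the search in the answer above, added here as an example and not part of the original reply: it uses `dc(recipient)` so that repeated deliveries to one address are not counted as several recipients, and it buckets events into time windows so unrelated mails with the same subject on different days are not merged. The field names `Sender`, `Subject` and `recipient` and the threshold of 3 come from the answer; the sample events (held in the field `constructed_sample`) and the 10-minute span are assumptions chosen for illustration. In a real search, replace the first five commands with the search that returns the mail events.

```spl
| makeresults
| eval constructed_sample="09:00:05,promo@bulk.example,Your invoice,a@corp.example;"
    ."09:00:07,promo@bulk.example,Your invoice,b@corp.example;"
    ."09:00:09,promo@bulk.example,Your invoice,C@corp.example;"
    ."09:00:11,promo@bulk.example,Your invoice,d@corp.example;"
    ."09:00:13,promo@bulk.example,Your invoice,e@corp.example;"
    ."09:01:00,ci@build.example,Build failed,dev@corp.example;"
    ."09:02:00,ci@build.example,Build failed,dev@corp.example;"
    ."09:03:00,ci@build.example,Build failed,dev@corp.example;"
    ."09:04:00,ci@build.example,Build failed,DEV@corp.example"
| eval row=split(constructed_sample, ";")
| mvexpand row
| eval f=split(row, ",")
| eval _time=strptime("2024-01-01 ".mvindex(f,0), "%Y-%m-%d %H:%M:%S"),
       Sender=lower(mvindex(f,1)),
       Subject=mvindex(f,2),
       recipient=lower(mvindex(f,3))
| bin _time span=10m
| stats dc(recipient) as recipients, count as messages by _time, Sender, Subject
| where recipients > 3
| sort - recipients
```

The `ci@build.example` rows are four messages to a single mailbox (one with different letter case), which is the case where `count(recipient)` and `dc(recipient)` give different answers.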