Hi all,
What I want to achieve is to identify users who are possibly leaking/auto-forwarding emails to their personal email addresses (e.g. gmail) based on Exchange logs:
1- Detect possible Auto-forwarding rule
2- Detect possible email leakage
Company email ID:
[email protected]
Private Email ID: *@gmail.com and *@yahoo.com
1- Detect Possible Auto-Forwarding Rule
Based on timestamp, can I have a Splunk query to help me identify users that are auto-forwarding?
2- Detect possible email leakage
I want to capture if a user is sending 10+ emails to a specific recipient using free email services (e.g. gmail) within a duration of 3 minutes.
Sample Query
index=mail-1 sourcetype="MSExchange:*"
[email protected]
| search recipient IN("*@gmail.com","*@yahoo.com")
Thanks in advance.
Regards,
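The detection logic behind requirement 2 (10+ emails from one sender to one free-mail recipient within 3 minutes), as an added example in Python rather than SPL; it is not part of the original post. The (timestamp, sender, recipient) record layout and all addresses in the sample are constructed assumptions. It uses a sliding window, so a burst that straddles a fixed 3-minute bucket boundary is still counted.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FREE_MAIL = ("@gmail.com", "@yahoo.com")   # private domains named in the post
WINDOW = timedelta(minutes=3)
THRESHOLD = 10

def find_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {(sender, recipient): time the threshold was first reached}.

    events: iterable of (iso_timestamp, sender, recipient) tuples (assumed layout).
    """
    parsed = sorted((datetime.fromisoformat(ts), s.lower(), r.lower())
                    for ts, s, r in events)
    recent = defaultdict(deque)   # (sender, recipient) -> send times inside the window
    hits = {}
    for when, sender, recipient in parsed:
        if not recipient.endswith(FREE_MAIL):
            continue              # only free-mail recipients are of interest
        q = recent[(sender, recipient)]
        q.append(when)
        while when - q[0] > window:   # drop sends that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            hits.setdefault((sender, recipient), when)
    return hits

def _series(start, step_s, n, sender, recipient):
    """Build n constructed events, step_s seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=step_s * i)).isoformat(), sender, recipient)
            for i in range(n)]

# Constructed sample data (not real logs):
SAMPLE = (
    # 10 mails in 135 s, crossing the 10:00:00 boundary of a fixed 3-minute bucket
    _series("2024-01-15T09:58:30", 15, 10, "alice@example.com", "drop@gmail.com")
    # 10 mails to a free-mail address, but one per minute: never 10 within 3 minutes
    + _series("2024-01-15T09:00:00", 60, 10, "bob@example.com", "friend@yahoo.com")
    # fast burst to a non-free-mail domain: ignored
    + _series("2024-01-15T09:00:00", 5, 12, "carol@example.com", "partner@corp.example")
)

if __name__ == "__main__":
    for (sender, recipient), when in find_bursts(SAMPLE).items():
        print(f"{sender} -> {recipient}: threshold reached at {when.isoformat()}")
```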