Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: Hacking
- Fix Available: YES
This Monitoring Check verifies if there are mailboxes for which audit logging is being bypassed.
Why this check?
Audit logging is essential to understand malicious activity. For this reason, it is suspicious if the function is deliberately disabled. This may indicate an attacker trying to erase traces. Therefore, we use this check to verify if there are new mailboxes where the AuditBypass option is enabled.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: There are no mailboxes in the tenant for which audit logging is being bypassed
- Warning: Audit logging is being bypassed for at least one of the mailboxes
How should this be followed up?
If the output is Warning, we advise disabling the bypass of audit logging for the mailbox(es) in question. A fix is available for this check, which we will offer through Attic.
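The same check and follow-up can be done by hand in Exchange Online PowerShell. The script below is an added example, not Attic's own implementation; it assumes the ExchangeOnlineManagement module is installed and the signed-in account may run the MailboxAuditBypassAssociation cmdlets, and the function names are hypothetical.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example (not Attic's code): list accounts with mailbox audit bypass
# enabled and, after review, switch the bypass off again.

function Get-AuditBypassStatus {
    # Collect every account whose mailbox actions are excluded from audit logging.
    $bypassed = @(
        Get-MailboxAuditBypassAssociation -ResultSize Unlimited |
            Where-Object { $_.AuditBypassEnabled -eq $true }
    )

    # Mirror the two outcomes of the check: Okay or Warning.
    $outcome = 'Okay'
    if ($bypassed.Count -gt 0) { $outcome = 'Warning' }

    [pscustomobject]@{
        Outcome  = $outcome
        Accounts = $bypassed | Select-Object Name, Identity, AuditBypassEnabled
    }
}

function Disable-AuditBypass {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Accounts returned by Get-AuditBypassStatus
        [Parameter(Mandatory, ValueFromPipeline)]
        $Account
    )
    process {
        # ShouldProcess lets the caller preview the change with -WhatIf.
        if ($PSCmdlet.ShouldProcess($Account.Name, 'Disable audit bypass')) {
            Set-MailboxAuditBypassAssociation -Identity $Account.Identity `
                -AuditBypassEnabled $false
        }
    }
}

Connect-ExchangeOnline

$status = Get-AuditBypassStatus
Write-Output "Outcome: $($status.Outcome)"
$status.Accounts | Format-Table -AutoSize

# Preview first; remove -WhatIf once each account has been reviewed.
$status.Accounts | Disable-AuditBypass -WhatIf
```

Check who enabled the bypass and when before reverting it, since the change itself is part of the trail you are trying to preserve.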