Sentinel Rules
- RULE-1020 - Detect email forwarding rules
- RULE-1022 - Suspicious keyword in mailbox rule
- RULE-1023 - Mailbox auto-forwards
- RULE-1024 - Transport rule forwards email externally
- RULE-1026 - Transport rule with suspicious keywords
- RULE-1123 & RULE-1138 - Gastgebruiker kreeg hoge privileges
- RULE-1127 - Detect sign-in into disabled account
- RULE-1129 - Emergency admin account used
- RULE-1139 - New GDAP Relationship
- RULE-1143 t/m RULE-1146 - AITM Activity
- RULE-1520 - Public Sharepoint Site
- RULE-1521 & RULE-1522 - Malware detected on SharePoint