MailBox Search

MailBox Search

Base Rule

General MS Exchange Mailbox Store Information

Information

Set - Admin Audit Log Config

Sub Rule

General Audit

Other Audit Success

Remove - Mailbox Permission

Sub Rule

User Account Attribute Modified

Account Modified

Admin Added Mailbox Permission

Sub Rule

File Monitoring Event - Permissions

Access Success

New - Migration Batch

Sub Rule

Key Migration Operation

Other Audit Success

Set - Mailbox Search

Sub Rule

General MS Exchange Information

Information

Admin Add Recipient Permission

Sub Rule

General CLOUD Message

Information

Set - CAS Mailbox

Sub Rule

General MS Exchange Warning

Warning

TS

N/A

N/A

N/A

SESSID

<session>

Text/String

Session information

COMMAND

<command>
<tag1>

Text/String

Command name

USERTYPE

<tag2>

Text/String

Type of user

USERKEY

<sender>

Text/String

User key informations hexadecimal value

WORKLOAD

<process>

<vendorinfo>

Text/String

Audit log record type

RESULTCODE

<result>

Text/String

Results

OBJECT

<object>

Text/String

Object name

USER

<login>

Text/String

Source user name

SIP

<sip>
<sport>

IP Address

Number

Source IP address

OBJECTNAME

N/A

N/A

N/A

PARAMETERS

<sessiontype>

Text/String

N/A

MODIFIEDPROPERTIES

N/A

N/A

N/A

EXTERNALACCESS

N/A

N/A

N/A

ORIGINATINGSERVER

<sname>

Text/String

N/A

ORGANIZATIONNAME

<domain>

Text/String

N/A

LOGONTYPE

N/A

N/A

N/A

MAILBOXOWNER

N/A

N/A

N/A

MAILBOXMASTER

N/A

N/A

N/A

LOGONUSERSID

N/A

N/A

N/A

LOGONUSERDISPLAYNAME

N/A

N/A

N/A

USERAGENT

N/A

N/A

N/A

CLIENTIPADDRESS

N/A

N/A

N/A

CLIENTPROCESSNAME

N/A

N/A

N/A

CLIENTVERSION

N/A

N/A

N/A

FOLDER

N/A

N/A

N/A

CROSSMAILBOXOPERATIONS

N/A

N/A

N/A

DESTMAILBOX

N/A

N/A

N/A

DESTMAILBOXOWNER

N/A

N/A

N/A

DESTMAILBOXMASTER

N/A

N/A

N/A

DESTFOLDER

N/A

N/A

N/A

FOLDERS

N/A

N/A

N/A

AFFECTEDITEMS

N/A

N/A

N/A

ITEM

N/A

N/A

N/A

SENDASUSER

N/A

N/A

N/A

SENDONBEHALFOFUSER

N/A

N/A

N/A