{"id":58103,"date":"2020-06-09T11:53:02","date_gmt":"2020-06-09T11:53:02","guid":{"rendered":"https:\/\/www.stellarinfo.com\/blog\/?p=58103"},"modified":"2024-08-20T05:55:27","modified_gmt":"2024-08-20T05:55:27","slug":"malicious-emails-investigation-in-office-365","status":"publish","type":"post","link":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/","title":{"rendered":"Malicious Email Investigation in Office 365- A Guide for Security Operations Center\u00a0(SOC) Team"},"content":{"rendered":"<blockquote class=\"note_alert\">\n<p><strong>Summary<\/strong>: While doing a malicious email investigation in Office 365, specific prerequisites need to be met first; for example, the organization must have Microsoft 365 Advanced Threat Protection. Apart from this, policies should be defined for anti-malware, anti-spam, anti-phishing, and other cybersecurity risks. Using Threat Explorer to investigate suspicious emails and analyze phishing URLs are some of the crucial steps a SOC analyst should take to mitigate the after-effects of a cyberattack. A third-party email forensics software, such as Stellar Email Forensic, supports the investigation and digital evidence collection at the granular level.<\/p>\n<\/blockquote><p>Organizations and businesses today rely on emails for their day-to-day communication, making them vulnerable to various cybersecurity threats, such as phishing, malware attacks, etc. In light of these threats, Microsoft offers most of its products, including Office 365, with built-in security features. 
For example, if your organization has Microsoft 365 Advanced Threat Protection, then you have access to a built-in security tool, Threat Explorer, that can help protect your organization against malicious emails.<\/p><p>In this guide, we&rsquo;ll discuss how Microsoft 365 Threat Explorer protects your organization from cybersecurity threats and helps you to investigate malicious emails.<\/p><h3 class=\"wp-block-heading\" id=\"h-prerequisites\"><strong>Prerequisites<\/strong><\/h3><p>You can use Office 365 Threat Explorer to strengthen email security by finding and deleting malicious emails, curbing phishing attacks, etc. However, you must meet a few conditions first:<\/p><ul class=\"wp-block-list\">\n<li>Your organization has Microsoft 365 Advanced Threat Protection.<\/li>\n\n\n\n<li>You have defined policies for anti-malware, anti-spam, anti-phishing, and other risks. If you haven&rsquo;t already, you can do so in the Security &amp; Compliance Center.<\/li>\n\n\n\n<li>You have enabled the audit log search. If not, you can do it manually in the Security &amp; Compliance Center or use the PowerShell command: <code>Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true<\/code><\/li>\n\n\n\n<li>You are a global administrator.<\/li>\n<\/ul><h2 class=\"wp-block-heading\" id=\"use-threat-explorer-to-investigate-suspicious-emails\"><strong>Use Threat Explorer to Investigate Suspicious Emails<\/strong><\/h2><p>To find and study suspicious emails in the mailboxes of recipients, follow these steps:<\/p><h3 class=\"wp-block-heading\" id=\"h-1-go-to-threat-explorer\"><strong>1. 
Go to Threat Explorer<\/strong><\/h3><p>Reach Office 365 Security &amp; Compliance Center by visiting this&nbsp;<a href=\"https:\/\/login.microsoftonline.com\/common\/oauth2\/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&amp;response_type=code%20id_token&amp;scope=openid%20profile&amp;state=OpenIdConnect.AuthenticationProperties%3Den5DvElUV2ukF55RSsdzHlo93gOmS-QvO02FL2SXjec_RTvhPhOE9KFxir6mJWqzlwAzS658YMy-BWTqMqR-YXwJepn-AyPuZLCnVboiAPPHhuw6zDQ6i8rk9K0EC7B6_6wVLAfROKuPm4-ou7GRZg&amp;response_mode=form_post&amp;nonce=637965867016306803.NDZjYzU4YjQtYjE1Ny00NDkyLWJkMGItNzc2NDQ4MjI0MjMwYjMxZDA4ZTYtZDQ5Ni00MTgzLWJjNDYtOTdiNjYyYmYyN2Zm&amp;client-request-id=7d9348ae-2509-45aa-b91c-95a5f3d1ee46&amp;redirect_uri=https%3A%2F%2Fprotection.office.com%2F&amp;x-client-SKU=ID_NET461&amp;x-client-ver=6.16.0.0\" target=\"_blank\" rel=\"noreferrer noopener\">link<\/a>&nbsp;and signing in with your Microsoft 365 account. After logging in, select&nbsp;<strong>Threat management<\/strong>&nbsp;&gt;&nbsp;<strong>Explorer<\/strong>&nbsp;in the quick-launch section on the left side of the screen.<\/p><div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"387\" src=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Office-365-Threat-Explorer-1024x387.png\" alt=\"Threat Explorer Portal in Office 365\" class=\"wp-image-58116 apply-gradient-on-post-images\" srcset=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Office-365-Threat-Explorer-1024x387.png 1024w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Office-365-Threat-Explorer-300x113.png 300w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Office-365-Threat-Explorer-768x291.png 768w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Office-365-Threat-Explorer.png 1380w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" 
\/><figcaption><em><strong>Figure 1: <\/strong>Office 365 Threat Explorer Portal<\/em><\/figcaption><\/figure><\/div><h3 class=\"wp-block-heading\" id=\"h-2-select-all-email-view\"><strong>2. Select &ldquo;All email&rdquo; View<\/strong><\/h3><p>The dashboard offers multiple views such as:<\/p><ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.stellarinfo.com\/blog\/prevent-attacks-from-malicious-email-attachments\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malware<\/a><\/strong><\/li>\n\n\n\n<li><strong>Phish<\/strong><\/li>\n\n\n\n<li><strong>Submissions<\/strong><\/li>\n\n\n\n<li><strong>All email<\/strong><\/li>\n<\/ul><p>The emails are filtered based on the selected view, and you can investigate emails for different threats accordingly. For example, if you want to do a forensic analysis of emails where a malware threat is detected, choose <em>Malware<\/em> view. Select <em>Phish<\/em> view if you wish to investigate emails where a phishing threat is detected. On the other hand, if you want to view emails that admins or users submit to Microsoft for forensic investigation, select <em>Submissions<\/em> view.<\/p><div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"330\" src=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Email-views-in-Threat-Explorer.png\" alt=\"Threat explorer View menu is shown, having Email options as Malware, Phish, Submissions and All Email. 
The Content option is Malware.\" class=\"wp-image-58117 apply-gradient-on-post-images\" srcset=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Email-views-in-Threat-Explorer.png 300w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Email-views-in-Threat-Explorer-273x300.png 273w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption><em><strong>Figure 2: <\/strong>Email views in Threat Explorer Portal<\/em><\/figcaption><\/figure><\/div><p>If you select <em>All email<\/em> view, it lists all emails received by your organization. Also, you may receive an error that reads &ldquo;Too much data to display&rdquo; if there are bulk emails to process. To fix this error, you can narrow the date range or add a search filter to limit data for the view.<\/p><p><em><strong>Note:<\/strong><\/em><em>&nbsp;You can select the All email view only if your organization has subscribed to Advanced Threat Protection Plan 2 (ATP P2). &nbsp;<\/em><\/p><h3 class=\"wp-block-heading\" id=\"h-3-use-search-filters\"><strong>3. Use Search Filters<\/strong><\/h3><p>Threat Explorer allows you to search and filter emails based on sender, subject, attachment file name, etc. You can apply multiple filters at a time. 
You can also attach multiple values (keywords) to each filter (separated by commas) in the search bar to narrow down the results.<\/p><div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"935\" height=\"141\" class=\"wp-image-58118 apply-gradient-on-post-images\" src=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Filters-and-advanced-filters-in-Threat-Explorer.png\" alt=\"Filters and advanced filters in Threat Explorer Portal\" srcset=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Filters-and-advanced-filters-in-Threat-Explorer.png 935w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Filters-and-advanced-filters-in-Threat-Explorer-300x45.png 300w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Filters-and-advanced-filters-in-Threat-Explorer-768x116.png 768w\" sizes=\"auto, (max-width: 935px) 100vw, 935px\" \/><figcaption><em><strong>Figure 3: <\/strong>Filters and advanced filters in Threat Explorer Portal<\/em><\/figcaption>\n<\/figure>\n<\/div><h3 class=\"wp-block-heading\" id=\"h-4-study-email-fields\"><strong>4. Study Email Fields<\/strong><\/h3><p>At the bottom of the&nbsp;<strong>Threat explorer<\/strong>&nbsp;window, you can find crucial security-related information in different columns. First, there are columns for the essential details, like&nbsp;<strong>Recipient<\/strong>,&nbsp;<strong>Sender<\/strong>,&nbsp;<strong>Sender IP<\/strong>, etc. Then, there are also columns for additional information, like:<\/p><ul class=\"wp-block-list\">\n<li><strong>Delivery Location:<\/strong>&nbsp;You can find where a suspicious email has ended (Inbox, Junk folder, Deleted Items folder, etc.). 
You can also learn what happened to the email &ndash; if it is in quarantine and not in the user&rsquo;s mailbox or if it has failed to reach the intended mailbox.<\/li>\n\n\n\n<li><strong>URL Threat:&nbsp;<\/strong>This field indicates the form of threat presented by a URL, such as&nbsp;<em>Phish, <a href=\"https:\/\/www.stellarinfo.com\/blog\/prevent-attacks-from-malicious-email-attachments\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malware<\/a>,&nbsp;<\/em>or<em>&nbsp;Spam<\/em>. If a URL presents no threat, the field is set to&nbsp;<em>None<\/em>.<\/li>\n\n\n\n<li><strong>Overrides:<\/strong>&nbsp;This field displays overridden actions on emails as per configured company policy. This field can help you check how the security policies you define are performing in an actual work environment. Here, you can find statuses, like&nbsp;<em>allowed by org policy, blocked by org policy, file extension blocked by org policy<\/em>, etc.<\/li>\n<\/ul><h3 class=\"wp-block-heading\" id=\"h-5-check-email-timeline-view\"><strong>5. Check Email Timeline View<\/strong><\/h3><p>To delve deeper into an email&rsquo;s status and transmission path, you can check its timeline. Click the subject of an email, then click <strong>Email timeline<\/strong>. This opens a table that displays all events that took place during and after email delivery. You can study this information to understand exactly what happened to an email after it was delivered.<\/p><h3 class=\"wp-block-heading\" id=\"h-6-take-action\"><strong>6. Take Action<\/strong><\/h3><p>If you come across a suspicious email while using the above tools and techniques, click on it to take a closer look. A new window will open where you can find details like return path, recipients, etc. You will also find the&nbsp;<em>Similar Emails<\/em>&nbsp;option, which is quite important. If you select this option, it will display a list of other emails that were sent to your organization. 
These emails may have similar senders, IP addresses, subject content, etc. You can select all or some of these emails and add them to the incident. You can then name the incident and attach a severity level.<\/p><div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"777\" height=\"527\" src=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Assigning-suspicious-emails-to-incident.png\" alt=\"Assigning suspicious emails to incident\" class=\"wp-image-58119 apply-gradient-on-post-images\" srcset=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Assigning-suspicious-emails-to-incident.png 777w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Assigning-suspicious-emails-to-incident-300x203.png 300w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Assigning-suspicious-emails-to-incident-768x521.png 768w\" sizes=\"auto, (max-width: 777px) 100vw, 777px\" \/><figcaption><em><strong>Figure 4: <\/strong>Assigning suspicious emails to incident<\/em><\/figcaption><\/figure><\/div><p>Once an incident is created, go to&nbsp;<strong>Threat management<\/strong>&nbsp;&gt;&nbsp;<strong>Review<\/strong>. You can then select the incident and take appropriate actions on the suspicious emails.<\/p><h2 class=\"wp-block-heading\" id=\"analyzing-phishing-urls\"><strong>Analyzing Phishing URLs<\/strong><\/h2><p>You can use Threat Explorer to prevent phishing attacks by analyzing email URLs. However, you must meet the following requirements first:<\/p><ul class=\"wp-block-list\">\n<li>You have to configure&nbsp;<strong>Advanced Threat Protection (ATP) Safe links<\/strong>. 
This ensures that when a user clicks a malicious link in an email and that link is blacklisted as per your security policy, a warning page opens up, and the link is blocked.<\/li>\n\n\n\n<li>You have to set up ATP Safe Links policies for time-of-click protection (for verification of URLs in real-time) and also the logging of click verdicts by the links (registration of link actions viz. blocked or overridden).<\/li>\n<\/ul><p>To study phishing URLs in emails, follow these steps:<\/p><ul class=\"wp-block-list\">\n<li>Select&nbsp;<strong>Phish<\/strong>&nbsp;view in the Threat Explorer dashboard.<\/li>\n\n\n\n<li>Change the Sender option to&nbsp;<strong>URLs<\/strong>&nbsp;&gt;&nbsp;<strong>Click Verdict<\/strong>.<\/li>\n\n\n\n<li>Select the desired filter(s):&nbsp;<strong>Allowed<\/strong>,&nbsp;<strong>Blocked<\/strong>, or&nbsp;<strong>Block overridden&nbsp;<\/strong>(you can also pick multiple filters simultaneously), which will display a list of phishing URLs that were allowed, blocked, or overridden, respectively, in accordance with your security policy. Click the refresh button.<\/li>\n<\/ul><div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"154\" src=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Click-verdict-filters-selected.png\" alt=\"URLs and click verdict filters selected\" class=\"wp-image-58121 apply-gradient-on-post-images\" srcset=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Click-verdict-filters-selected.png 650w, https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Click-verdict-filters-selected-300x71.png 300w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><figcaption><em><strong>Figure 5: <\/strong>Click verdict filters selected<\/em><\/figcaption><\/figure><\/div><p>You will see two URL tables on the URL tab &ndash; Top URLs and Top clicks. 
The&nbsp;<strong>Top URLs table&nbsp;<\/strong>contains genuine URLs (attackers generally use a mix of genuine and malicious URLs in emails to improve the rate of successful deliveries). The&nbsp;<strong>Top clicks<\/strong>&nbsp;table shows the URLs that users clicked, sorted by click count. These URLs are more likely to be malicious.<\/p><p>You can click a URL that you want to inspect. It will open a fly-out dialog with additional details that give you an insight into the URL&rsquo;s impact on your email communication system.<\/p><h2 class=\"wp-block-heading\" id=\"using-a-third-party-software\"><strong>Using a third-party software<\/strong><\/h2><p>While&nbsp;<strong>Security Operations Center (SOC) analysts<\/strong>&nbsp;are investing their time and efforts to prevent numerous cyber threats in Office 365, hackers are also coming up with improvised, new methods. It seems that all efforts to mitigate cyberattacks are not sufficient.&nbsp;<\/p><p>The number of organizations where Microsoft 365 is an integral part of their business development is on the rise, and a third-party email forensics software may be required to help stop the spread of after-effects of such cyberattacks in the organization.&nbsp;<a href=\"https:\/\/www.stellarinfo.com\/email-forensics-software.php\" target=\"_blank\" rel=\"noreferrer noopener\">Stellar Email Forensic<\/a>&nbsp;is one such software. Stellar Email Forensics is an advanced software for email search, which supports investigation at the granular level and helps in digital evidence collection. 
This means that Boolean and Regular Expression search is accomplished in a few clicks.&nbsp;<\/p><p>In order to produce the evidence in a court of law,&nbsp;<a href=\"https:\/\/www.stellarinfo.com\/blog\/bulk-email-forensics-for-legal-professionals\/\" target=\"_blank\" rel=\"noreferrer noopener\">bulk email forensics<\/a>&nbsp;is also required, as there are high chances that the after-effects of the cyberattacks have spread at a large scale. Another great feature of Stellar Email Forensics is that it allows case management during criminal investigations through tagging, bookmarking, and logs.<\/p><figure class=\"wp-block-table\"><table class=\"has-background\" style=\"background-color:#f3f4f5\"><tbody><tr><td><strong><strong>Would like to try&nbsp;<\/strong><a href=\"https:\/\/www.stellarinfo.com\/email-forensics-software.php\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Stellar Email Forensic<\/strong><\/a><strong>? You can now use it! Download the software&nbsp;<\/strong><a href=\"https:\/\/www.stellarinfo.com\/email-forensics-software\/buy-now.php\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>here<\/strong><\/a><strong>.&nbsp;<\/strong><\/strong><\/td><\/tr><\/tbody><\/table><\/figure><p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: While doing a malicious Email Investigation in Office 365, specific prerequisites&hellip; <a class=\"more-link\" href=\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\">Continue reading <span class=\"screen-reader-text\">Malicious Email Investigation in Office 365- A Guide for Security Operations Center\u00a0(SOC) 
Team<\/span><\/a><\/p>\n","protected":false},"author":39,"featured_media":58143,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1245],"tags":[1240,1409,3476,3422,3474,1408,3475,3421],"class_list":["post-58103","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-forensics","tag-email-forensics","tag-email-security","tag-how-to-protect-against-malware","tag-malicious-email","tag-malicious-email-attachments","tag-office-365","tag-specialized-email-forensics-software","tag-symptoms-of-malware-attack","entry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Office 365 Malicious Emails Investigation- Guide for Security Professionals<\/title>\n<meta name=\"description\" content=\"Office 365 Threat Explorer can help you protect your organization from cybersecurity threats and simplify investigation of malicious emails.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Office 365 Malicious Emails Investigation- Guide for Security Professionals\" \/>\n<meta property=\"og:description\" content=\"Office 365 Threat Explorer can help you protect your organization from cybersecurity threats and simplify investigation of malicious emails.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\" \/>\n<meta property=\"og:site_name\" content=\"Stellar Data Recovery Blog\" \/>\n<meta property=\"article:published_time\" 
content=\"2020-06-09T11:53:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-20T05:55:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Abhinav Sethi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abhinav Sethi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\"},\"author\":{\"name\":\"Abhinav Sethi\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/59813a3d157f4d3a68949bce854241f4\"},\"headline\":\"Malicious Email Investigation in Office 365- A Guide for Security Operations Center\u00a0(SOC) Team\",\"datePublished\":\"2020-06-09T11:53:02+00:00\",\"dateModified\":\"2024-08-20T05:55:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\"},\"wordCount\":1496,\"image\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg\",\"keywords\":[\"email forensics\",\"email 
security\",\"how to protect against malware\",\"malicious email\",\"Malicious Email Attachments\",\"Office 365\",\"SPECIALIZED EMAIL FORENSICS SOFTWARE\",\"Symptoms of malware attack\"],\"articleSection\":[\"Email Forensics\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\",\"url\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\",\"name\":\"Office 365 Malicious Emails Investigation- Guide for Security Professionals\",\"isPartOf\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg\",\"datePublished\":\"2020-06-09T11:53:02+00:00\",\"dateModified\":\"2024-08-20T05:55:27+00:00\",\"author\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/59813a3d157f4d3a68949bce854241f4\"},\"description\":\"Office 365 Threat Explorer can help you protect your organization from cybersecurity threats and simplify investigation of malicious 
emails.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage\",\"url\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg\",\"contentUrl\":\"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg\",\"width\":1000,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.stellarinfo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malicious Email Investigation in Office 365- A Guide for Security Operations Center\u00a0(SOC) Team\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#website\",\"url\":\"https:\/\/www.stellarinfo.com\/blog\/\",\"name\":\"Stellar Data Recovery Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stellarinfo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/59813a3d157f4d3a68949bce854241f4\",\"name\":\"Abhinav 
Sethi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5f7b5067a858b11bbdea64a56366ad4f686cef22d39ccc50363bc5346e80a6de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5f7b5067a858b11bbdea64a56366ad4f686cef22d39ccc50363bc5346e80a6de?s=96&d=mm&r=g\",\"caption\":\"Abhinav Sethi\"},\"description\":\"Abhinav Sethi is a Senior Writer at Stellar. He writes articles, blog posts, knowledge-bases, case studies, etc. for different technologies. He also has a keen interest in digital forensics and helps forward-thinking companies fight different threats with apt solutions.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/abhinav-sethi-126b123a\/\"],\"url\":\"https:\/\/www.stellarinfo.com\/blog\/author\/abhinav\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Office 365 Malicious Emails Investigation- Guide for Security Professionals","description":"Office 365 Threat Explorer can help you protect your organization from cybersecurity threats and simplify investigation of malicious emails.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/","og_locale":"en_US","og_type":"article","og_title":"Office 365 Malicious Emails Investigation- Guide for Security Professionals","og_description":"Office 365 Threat Explorer can help you protect your organization from cybersecurity threats and simplify investigation of malicious emails.","og_url":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/","og_site_name":"Stellar Data Recovery 
Blog","article_published_time":"2020-06-09T11:53:02+00:00","article_modified_time":"2024-08-20T05:55:27+00:00","og_image":[{"width":1000,"height":600,"url":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg","type":"image\/jpeg"}],"author":"Abhinav Sethi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Abhinav Sethi","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#article","isPartOf":{"@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/"},"author":{"name":"Abhinav Sethi","@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/59813a3d157f4d3a68949bce854241f4"},"headline":"Malicious Email Investigation in Office 365- A Guide for Security Operations Center\u00a0(SOC) Team","datePublished":"2020-06-09T11:53:02+00:00","dateModified":"2024-08-20T05:55:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/"},"wordCount":1496,"image":{"@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg","keywords":["email forensics","email security","how to protect against malware","malicious email","Malicious Email Attachments","Office 365","SPECIALIZED EMAIL FORENSICS SOFTWARE","Symptoms of malware attack"],"articleSection":["Email Forensics"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/","url":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/","name":"Office 365 Malicious Emails Investigation- Guide for Security 
Professionals","isPartOf":{"@id":"https:\/\/www.stellarinfo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage"},"image":{"@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg","datePublished":"2020-06-09T11:53:02+00:00","dateModified":"2024-08-20T05:55:27+00:00","author":{"@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/59813a3d157f4d3a68949bce854241f4"},"description":"Office 365 Threat Explorer can help you protect your organization from cybersecurity threats and simplify investigation of malicious emails.","breadcrumb":{"@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#primaryimage","url":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg","contentUrl":"https:\/\/www.stellarinfo.com\/blog\/wp-content\/uploads\/2020\/06\/Investigating-Malicious-Emails-in-Office-365-a.jpg","width":1000,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.stellarinfo.com\/blog\/malicious-emails-investigation-in-office-365\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stellarinfo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Malicious Email Investigation in Office 365- A Guide for Security Operations Center\u00a0(SOC) 
Team"}]},{"@type":"WebSite","@id":"https:\/\/www.stellarinfo.com\/blog\/#website","url":"https:\/\/www.stellarinfo.com\/blog\/","name":"Stellar Data Recovery Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stellarinfo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/59813a3d157f4d3a68949bce854241f4","name":"Abhinav Sethi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stellarinfo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5f7b5067a858b11bbdea64a56366ad4f686cef22d39ccc50363bc5346e80a6de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5f7b5067a858b11bbdea64a56366ad4f686cef22d39ccc50363bc5346e80a6de?s=96&d=mm&r=g","caption":"Abhinav Sethi"},"description":"Abhinav Sethi is a Senior Writer at Stellar. He writes articles, blog posts, knowledge-bases, case studies, etc. for different technologies. 
He also has a keen interest in digital forensics and helps forward-thinking companies fight different threats with apt solutions.","sameAs":["https:\/\/www.linkedin.com\/in\/abhinav-sethi-126b123a\/"],"url":"https:\/\/www.stellarinfo.com\/blog\/author\/abhinav\/"}]}},"_links":{"self":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts\/58103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/comments?post=58103"}],"version-history":[{"count":25,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts\/58103\/revisions"}],"predecessor-version":[{"id":172586,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/posts\/58103\/revisions\/172586"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/media\/58143"}],"wp:attachment":[{"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/media?parent=58103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/categories?post=58103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stellarinfo.com\/blog\/wp-json\/wp\/v2\/tags?post=58103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}