Supported Anomalies

Critical Anomalies

This anomaly inspects newly created rules and detects potentially malicious configurations that delete all incoming emails. This behavior may indicate an account takeover.

This anomaly has the highest impact.

This anomaly is triggered when an internal user sends a phishing or spam email to internal and/or external recipients.

Note:

Using exceptions, administrators can disable this anomaly for a specific user or for all users.

This anomaly inspects newly created rules and detects potentially malicious configurations that move all incoming emails to a specific subfolder. This behavior could indicate an account takeover.
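The following added example, which is not Check Point's detection logic or code from this documentation, shows one way a defender could check for the two rule anomalies described above (delete all incoming emails, move all incoming emails to a subfolder). It assumes audit records shaped like Exchange Online `New-InboxRule` events, with `Operation`, `UserId` and `Parameters` as Name/Value pairs; the sample records and the helper names are constructed for illustration.

```python
# Added example (not the product's detection logic): flag catch-all inbox rules.
# Assumed input: audit records shaped like Exchange Online New-InboxRule events
# (Operation, UserId, Parameters as Name/Value pairs). Sample data is constructed.

# Rule parameters that restrict which messages a rule matches (partial list).
CONDITION_PARAMS = {
    "From", "FromAddressContainsWords", "SentTo", "SubjectContainsWords",
    "BodyContainsWords", "SubjectOrBodyContainsWords", "HeaderContainsWords",
    "RecipientAddressContainsWords", "HasAttachment", "WithImportance",
}


def _is_set(value):
    """Treat empty and 'False' values as 'not configured'."""
    return str(value).strip().lower() not in ("", "false", "none")


def classify_rule(record):
    """Return 'delete_all', 'move_all', or None for one audit record."""
    if record.get("Operation") != "New-InboxRule":
        return None
    params = {p["Name"]: p.get("Value", "") for p in record.get("Parameters", [])}
    # Any configured condition means the rule does not cover all incoming mail.
    if any(_is_set(params.get(name, "")) for name in CONDITION_PARAMS):
        return None
    if str(params.get("DeleteMessage", "")).lower() == "true":
        return "delete_all"
    if _is_set(params.get("MoveToFolder", "")):
        return "move_all"
    return None


def find_catch_all_rules(records):
    """Return (user, finding) pairs for every catch-all rule in the records."""
    return [(r.get("UserId"), v) for r in records if (v := classify_rule(r))]


SAMPLE_RECORDS = [  # constructed sample records
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [{"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@example.com",
     "Parameters": [{"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"Operation": "New-InboxRule", "UserId": "carol@example.com",
     "Parameters": [{"Name": "From", "Value": "news@example.org"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "UserLoggedIn", "UserId": "dave@example.com"},
]

if __name__ == "__main__":
    print(find_catch_all_rules(SAMPLE_RECORDS))
```

Rules created through other clients may be logged under different operations and field layouts, so the condition list and record shape need adjusting to the audit source in use.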

This anomaly uses an AI engine designed to inspect all the parameters of login events to pinpoint those performed by malicious actors.

The AI engine inspects a variety of parameters, including IP address, browser type, browser version, device, and VPN brand, among others.

Users whose login events are detected by this AI engine are flagged as compromised.

This anomaly detects compromised accounts based on the IP address from which attackers logged in to Microsoft 365.

Users who log in to Microsoft 365 from IP addresses detected as sources of phishing emails, or from IP addresses known to Check Point as malicious, are flagged as compromised.