Rules: Email Files Written Outside Of The Outlook Directory

Description

The rule detects email files created outside the normal Outlook directory.

Additional Details

| Detail | Value |
| --- | --- |
| Type | Templated Match |
| Category | Defense Evasion |
| Apply Risk to Entities | device_hostname, device_ip, user_username |
| Signal Name | Email Files Written Outside Of The Outlook Directory |
| Summary Expression | Email file: {{file_basename}} written outside Outlook directory on host {{device_hostname}} |
| Score/Severity | Static: 4 |
| Enabled by Default | True |
| Prototype | False |
| Tags | _mitreAttackTactic:TA0005, _mitreAttackTechnique:T1036, _mitreAttackTechnique:T1036.005, _mitreAttackTechnique:T1036.004 |

Vendors and Products

- Bitdefender - GravityZone
- Cisco Systems - ASA
- Code42 - Incydr
- Egnyte - DLP
- Google - G Suite
- ManageEngine - adauditplus
- Microsoft - Azure
- Microsoft - Graph Security API
- Microsoft - Office 365
- Microsoft - Windows
- Netskope - Security Cloud
- Proofpoint - Targeted Attack Protection
- Varonis - DatAdvantage

Fields Used

| Origin | Field |
| --- | --- |
| Normalized Schema | baseImage |
| Normalized Schema | device_hostname |
| Normalized Schema | device_ip |
| Normalized Schema | file_basename |
| Normalized Schema | file_path |
| Normalized Schema | lower |
| Normalized Schema | user_username |