{"id":301,"date":"2025-01-13T09:43:11","date_gmt":"2025-01-13T08:43:11","guid":{"rendered":"https:\/\/cyber-resilience.mobi\/?p=301"},"modified":"2025-01-13T09:43:11","modified_gmt":"2025-01-13T08:43:11","slug":"detection-des-messages-de-reponse-automatique-envoyes-en-externe","status":"publish","type":"post","link":"https:\/\/cyber-resilience.mobi\/?p=301","title":{"rendered":"D\u00e9tection des messages de r\u00e9ponse automatique envoy\u00e9s en externe."},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code>EmailEvents\n\/\/ add the automatic-reply subject prefixes for the languages used in your organisation\n| where Subject startswith \"Automatic reply:\"\n| where DeliveryAction has \"Delivered\" and EmailDirection has \"Outbound\"\n| extend Username = split(RecipientEmailAddress, \"@\")&#91;0], Domain = tostring(split(RecipientEmailAddress, \"@\")&#91;1])\n| extend DomainParts = split(RecipientEmailAddress, \".\")\n| extend DomainExtensions = tostring(DomainParts&#91;-1])\n| summarize count() by DomainExtensions ,EmailDirection, DeliveryAction,DeliveryLocation, ThreatTypes\n\/\/ for per-message detail instead of the aggregated view, uncomment the next line and remove or comment out the summarize line above\n\/\/| distinct SenderDisplayName, SenderMailFromDomain, SenderIPv4, RecipientEmailAddress,DomainExtensions,Domain,Subject, EmailDirection, DeliveryAction, DeliveryLocation, ThreatTypes<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[18,19,22],"class_list":["post-301","post","type-post","status-publish","format-standard","hentry","category-kql-sentinel","tag-kql","tag-kusto","tag-sentinel"],"_links":{"self":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=301"}],"version-history":[{"count":1,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/301\/revisions"}],"predecessor-version":[{"id":302,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/301\/revisions\/302"}],"wp:attachment":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}