{"id":322,"date":"2025-09-16T14:21:05","date_gmt":"2025-09-16T13:21:05","guid":{"rendered":"https:\/\/cyber-resilience.mobi\/?p=322"},"modified":"2025-09-16T14:21:05","modified_gmt":"2025-09-16T13:21:05","slug":"automatic-reply","status":"publish","type":"post","link":"https:\/\/cyber-resilience.mobi\/?p=322","title":{"rendered":"Automatic reply"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Cette requ\u00eate permet de :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Analyser les r\u00e9ponses automatiques sortantes<\/strong>\u00a0envoy\u00e9es par les utilisateurs.<\/li>\n\n\n\n<li><strong>Identifier les extensions de domaine cibl\u00e9es<\/strong>.<\/li>\n\n\n\n<li><strong>D\u00e9tecter d\u2019\u00e9ventuelles menaces<\/strong>\u00a0associ\u00e9es \u00e0 ces envois.<\/li>\n\n\n\n<li><strong>Basculer entre une vue statistique ou d\u00e9taill\u00e9e<\/strong>\u00a0selon le besoin.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>EmailEvents\n\/\/ add your automatic replies cases in your languages\n| where Subject startswith \"Automatic reply:\"\n| where DeliveryAction has \"Delivered\" and EmailDirection has \"Outbound\"\n| extend Username = split(RecipientEmailAddress, \"@\")&#91;0], Domain = tostring(split(RecipientEmailAddress, \"@\")&#91;1])\n| extend DomainParts = split(RecipientEmailAddress, \".\")\n| extend DomainExtensions = tostring(DomainParts&#91;-1])\n| summarize count() by DomainExtensions ,EmailDirection, DeliveryAction,DeliveryLocation, ThreatTypes\n\/\/ if you want to have deeper information instead of a general view, you can use the next line and remove\/comment the previous one\n\/\/| distinct SenderDisplayName, SenderMailFromDomain, SenderIPv4, RecipientEmailAddress,DomainExtensions,Domain,Subject, EmailDirection, DeliveryAction, DeliveryLocation, ThreatTypes<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Cette requ\u00eate permet de :<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[18],"class_list":["post-322","post","type-post","status-publish","format-standard","hentry","category-kql-sentinel","tag-kql"],"_links":{"self":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=322"}],"version-history":[{"count":1,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/322\/revisions"}],"predecessor-version":[{"id":323,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/322\/revisions\/323"}],"wp:attachment":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}