SigmaHQ
diff --git a/‎.github/latest_archiver_output.md‎
Lines changed: 565 additions & 563 deletions b/‎.github/latest_archiver_output.md‎
Lines changed: 565 additions & 563 deletions
diff --git a/‎…xchange_mailbox_smpt_forwarding_rule.yml‎ ‎…xchange_mailbox_smpt_forwarding_rule.yml‎rules/windows/powershell/powershell_script/posh_ps_exchange_mailbox_smpt_forwarding_rule.yml renamed to deprecated/windows/posh_ps_exchange_mailbox_smpt_forwarding_rule.yml
Lines changed: 2 additions & 1 deletion b/‎…xchange_mailbox_smpt_forwarding_rule.yml‎ ‎…xchange_mailbox_smpt_forwarding_rule.yml‎rules/windows/powershell/powershell_script/posh_ps_exchange_mailbox_smpt_forwarding_rule.yml renamed to deprecated/windows/posh_ps_exchange_mailbox_smpt_forwarding_rule.yml
Lines changed: 2 additions & 1 deletion
@@ -1,11 +1,12 @@
 title: Suspicious PowerShell Mailbox SMTP Forward Rule
 id: 15b7abbb-8b40-4d01-9ee2-b51994b1d474
-status: test
+status: deprecated
 description: Detects usage of the powerShell Set-Mailbox Cmdlet to set-up an SMTP forwarding rule.
 references:
     - https://m365internals.com/2022/10/07/hunting-in-on-premises-exchange-server-logs/
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2022-10-26
+modified: 2026-03-01
 tags:
     - attack.exfiltration
 logsource: