Microsoft Exchange

Overview

Microsoft Exchange is an email product by Microsoft. In Exchange Server, mail flow occurs through the transport pipeline. The transport pipeline is a collection of services, connections, components, and queues that work together to route all messages to the categorizer in the Transport service on an Exchange Mailbox server inside the organization.

Integrating Microsoft Exchange into Hunters will allow ingestion of the data types into your datalake, and leveraging the data for various detection use cases.

Supported data types

Microsoft Exchange Message Tracking Logs

Table name: microsoft_exchange_message_tracking_logs

The message tracking log is a detailed record of all activity as mail flows through the transport pipeline on Mailbox servers and Edge Transport servers.

Learn more here.

Send data to Hunters

Expected format

Microsoft Exchange Message Tracking Logs

2023-02-08T02:00:28.129Z,ab12::345c:6d78:e90f:1234%5,CLIENT.HOST.NAME,SERVER_IP,SERVER.HOST.NAME,"a:b",,SOURCE,EVENT_ID,,,,,,,,,,,SenderAddress@example.com,,2023-02-08T02:00:27.996Z;ABCD=SERVER.HOST.NAME:TOTAL-SUB=0.123|SA=0.123|MTSS-PEN=0.000,,,,,S:ItemEntryId=00-00-00-00-0A-B1-C2-34-56-7D-8E-90-F2-G0-1H-50-I1-J4-K1-92-07-00-L1-MN-44-67-0P-05-Q9-4R-S8-TU-43-7V-35-W1-31-X9-00-00-00-00-01-0Y-00-00-Z8-A0-9B-32-C8-81-9D-42-91-1E-F3-GC-23-21-HI-3J-00-03-7F-9F-8D-A6-00-00,,0aab8309-01cc-4d11-8e52-08ff09784039,15.01.1122.334
2023-02-08T02:00:37.225Z,,,::0,BOX1234,"a:b, c:d:e, f:gggg",,SOURCE,RECEIVE,123456,<aabb112233cc44ddee5566ffgg77881@BOX1234.test.firm>,123dad45-6abc-789d-6138-08dd097115a2,sender.address@sample.com,To,1122,1,,<aabb112233cc44ddee5566ffgg77881@BOX1234.test.firm>,Automatic reply: Example message,Someone@sample.com,<>,03I:,Originating,,,,S:DeliveryPriority=Normal;S:OriginalFromAddress=sender.address@sample.com;S:AccountForest=root.firm,Email,12a345b6-cdef-78g9-1122-33aa445566a7,15.01.1234.123