Microsoft Exchange

  • Updated on Mar 25, 2024
  • Published on Jun 13, 2023
Prev Next

image

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

Microsoft Exchange is an email product by Microsoft. In Exchange Server, mail flow occurs through the transport pipeline. The transport pipeline is a collection of services, connections, components, and queues that work together to route all messages to the categorizer in the Transport service on an Exchange Mailbox server inside the organization.

Integrating Microsoft Exchange into Hunters will allow ingestion of the data types into your datalake, and leveraging the data for various detection use cases.

Microsoft Exchange Message Tracking Logs

Table name: microsoft_exchange_message_tracking_logs

The message tracking log is a detailed record of all activity as mail flows through the transport pipeline on Mailbox servers and Edge Transport servers.

Learn more here.

Once the export is completed and the logs are collected to S3, follow the steps in this section.

Microsoft Exchange Message Tracking Logs

2023-02-08T02:00:28.129Z,ab12::345c:6d78:e90f:1234%5,CLIENT.HOST.NAME,SERVER_IP,SERVER.HOST.NAME,"a:b",,SOURCE,EVENT_ID,,,,,,,,,,,SenderAddress@example.com,,2023-02-08T02:00:27.996Z;ABCD=SERVER.HOST.NAME:TOTAL-SUB=0.123|SA=0.123|MTSS-PEN=0.000,,,,,S:ItemEntryId=00-00-00-00-0A-B1-C2-34-56-7D-8E-90-F2-G0-1H-50-I1-J4-K1-92-07-00-L1-MN-44-67-0P-05-Q9-4R-S8-TU-43-7V-35-W1-31-X9-00-00-00-00-01-0Y-00-00-Z8-A0-9B-32-C8-81-9D-42-91-1E-F3-GC-23-21-HI-3J-00-03-7F-9F-8D-A6-00-00,,0aab8309-01cc-4d11-8e52-08ff09784039,15.01.1122.334
2023-02-08T02:00:37.225Z,,,::0,BOX1234,"a:b, c:d:e, f:gggg",,SOURCE,RECEIVE,123456,<aabb112233cc44ddee5566ffgg77881@BOX1234.test.firm>,123dad45-6abc-789d-6138-08dd097115a2,sender.address@sample.com,To,1122,1,,<aabb112233cc44ddee5566ffgg77881@BOX1234.test.firm>,Automatic reply: Example message,Someone@sample.com,<>,03I:,Originating,,,,S:DeliveryPriority=Normal;S:OriginalFromAddress=sender.address@sample.com;S:AccountForest=root.firm,Email,12a345b6-cdef-78g9-1122-33aa445566a7,15.01.1234.123
Plain text