The Shadow Workflows capability will provide detection and response of the most common post-compromise malicious activities. These activities include: Malicious inbox rule creation (we are completely revamping how we detect malicious inbox rules as part of this effort) Malicious phishing campaigns: At a minimum, we will detect and generate an incident report when a mailbox is responsible for a malicious phishing campaign. Data exfiltration timeline: Provide a timeline and attack summary within the ITDR incident report to enable users to quickly determine scope of an attack.
