Detect when a potentially malicious file is sent in Microsoft Teams. Threat actors sometimes send malicious files to unsuspecting users as a means of initial access.
Monitor Microsoft 365 SharePoint audit logs to look for the operation FileUploaded. When a file is shared in Teams, it utilizes the underlying Microsoft Office APIs to upload the file using SharePoint. Teams file uploads are audited in the Microsoft Office activity log as SharePoint file operations. To differentiate Teams file uploads from those of other services, we use the AppAccessContext.ClientAppName attribute with the value of Microsoft Teams Chat Files. This detection identifies when a file with any of the following extensions is uploaded:
{{@SourceFileName}} that was sent by viewing the SharePoint link: {{@ObjectId}} containing the file.
{{@usr.email}} intended to send the observed file.
{{@usr.email}} didn't intend to send the observed file or happens to be a guest or external user:
{{@usr.email}} using the Cloud SIEM - User Investigation dashboard.
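
The matching logic described above, run over sample audit records, as an added Python example that is not Datadog's rule query. The `Operation` and `UserId` field names, the record layout, the sample records and the extension set are assumptions (the page's extension list is missing); it also normalizes case, double extensions and trailing dots before comparing.

```python
import json

# Assumption: the page's extension list is missing, so this set is a constructed
# placeholder; substitute the list from the rule itself.
WATCHED_EXTENSIONS = {"exe", "js", "vbs", "iso", "lnk"}
TEAMS_CLIENT_APP = "Microsoft Teams Chat Files"  # value given on the page


def file_extension(name):
    """Final extension, lower-cased, ignoring trailing dots and spaces."""
    cleaned = (name or "").strip().rstrip(". ")
    _, dot, ext = cleaned.rpartition(".")
    return ext.lower() if dot else ""


def is_teams_file_upload(event):
    """True for a FileUploaded event whose client app is Teams chat files."""
    context = event.get("AppAccessContext") or {}
    return (event.get("Operation") == "FileUploaded"
            and context.get("ClientAppName") == TEAMS_CLIENT_APP)


def detect(raw_lines):
    """Return one finding per Teams upload with a watched extension."""
    findings = []
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the run
        if not isinstance(event, dict) or not is_teams_file_upload(event):
            continue
        if file_extension(event.get("SourceFileName")) in WATCHED_EXTENSIONS:
            findings.append({"user": event.get("UserId"),
                             "file": event.get("SourceFileName"),
                             "link": event.get("ObjectId")})
    return findings


def _record(operation, name, app):
    """Build one constructed audit record (hypothetical users and URLs)."""
    return json.dumps({"Operation": operation, "UserId": "alice@example.com",
                       "SourceFileName": name,
                       "ObjectId": "https://sharepoint.example/chat/" + name,
                       "AppAccessContext": {"ClientAppName": app} if app else None})


# Constructed sample records, not real audit data.
SAMPLE_LOGS = [
    _record("FileUploaded", "invoice.pdf.EXE", TEAMS_CLIENT_APP),    # match
    _record("FileUploaded", "notes.docx", TEAMS_CLIENT_APP),         # benign type
    _record("FileUploaded", "tool.exe", None),                       # not via Teams
    _record("FileDownloaded", "setup.exe", TEAMS_CLIENT_APP),        # other operation
    "{truncated record",                                             # malformed line
]
```
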