Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this Solution, please refer to them before installing

Business Email Compromise (BEC) attacks often aim to commit financial fraud by locating sensitive payment or invoice details and using these to hijack legitimate transactions. This solution, in combination with other solutions listed below, provide a range of content to help detect and investigate BEC attacks at different stages of the attack cycle, and across multiple data sources including AWS, SAP, Okta, Dynamics 365, Microsoft Entra ID, Microsoft 365 and network logs.

This content covers all stages of the attack chain from an initial phishing attack vector, establishing persistence to an environment, locating and collecting sensitive financial information from data stores, and then perpetrating and hiding their fraud. This range of content complements the coverage Microsoft Defender XDR provides across Microsoft Defender products.

In order to gain the most comprehensive coverage possible customers should deploy the content included in this solution as well as content from the following solutions:

Analytic Rules: 7, Hunting Queries: 13

Learn more about Microsoft Sentinel | Learn more about Solutions