Using the Office 365 Activities API to Investigate Business Email Compromises


A post about how CrowdStrike, while investigating BEC fraud, found an undocumented Office 365 API that exposes mailbox activity, and how that might enable all sorts of things.

In the course of the CrowdStrike® Services team’s investigative work responding to BEC cases, we recently discovered a capability within Office 365 that allows for the retrieval of Outlook mailbox activity logs that far exceeds the granularity provided by existing, documented Office 365 log sources, such as the Unified Audit Log. This capability represents access to an always-on, mailbox activity recording system that is active by default for all users. This blog details CrowdStrike’s knowledge of and experience with this remarkable Office 365 logging capability.
