Phish vs Spam vs Total O365 Email in Microsoft Sentinel
By Greg Vedders
Here is a simple Microsoft Sentinel search to show how much phishing/spam email is received vs good email for a specified user in a given time frame.
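// Recipient mailbox to analyze; set this to the full address
let UserToAnalyze="[email protected]";
EmailEvents
// No time filter in the query: the window comes from the Logs time range picker
| where RecipientEmailAddress==UserToAnalyze
| project RecipientEmailAddress, ThreatTypes
// One column per distinct ThreatTypes value, each holding a message count
| evaluate pivot(ThreatTypes)
| sort by RecipientEmailAddress asc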
Thank you to Microsoft for publishing this query on GitHub.
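The pivot above gives one count per distinct ThreatTypes string, so a combined verdict gets its own column and no total is shown. The variant below is an added example, not the query Microsoft published: it sets the time frame inside the query and reports a total with percentages. The recipient address and the 30-day lookback are placeholders, and it assumes ThreatTypes holds the verdict names "Phish", "Spam" and "Malware" and is empty for clean mail.

```kql
// Added example: per-recipient totals and percentages with an explicit time window.
let UserToAnalyze = "user@example.com";   // placeholder recipient, replace before running
let Lookback = 30d;                       // assumed window, adjust as needed
EmailEvents
| where TimeGenerated > ago(Lookback)
| where RecipientEmailAddress =~ UserToAnalyze   // case-insensitive match on the address
| summarize
    Total   = count(),
    // "has" matches a whole term, so a message tagged with several verdicts
    // is counted under each one it carries
    Phish   = countif(ThreatTypes has "Phish"),
    Spam    = countif(ThreatTypes has "Spam"),
    Malware = countif(ThreatTypes has "Malware"),
    // Messages with no verdict are treated as good mail (assumption)
    Clean   = countif(isempty(ThreatTypes))
    by RecipientEmailAddress
| extend
    PhishPct = round(100.0 * Phish / Total, 1),
    SpamPct  = round(100.0 * Spam / Total, 1),
    CleanPct = round(100.0 * Clean / Total, 1)
| sort by RecipientEmailAddress asc
```

Because a message can carry more than one verdict, the Phish, Spam and Malware counts can add up to more than Total minus Clean.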