Greg Vedders
  • About
  • Tags
  • Posts

Phish vs Spam vs Total O365 Email in Microsoft Sentinel

Use Microsoft Sentinel to report on email message types for a particular user in the domain

posts
April 8, 2022 • 1 min read • 55 words

Here is a simple Microsoft Sentinel search to show how much phishing/spam email is received vs good email for a specified user in a given time frame.

let UserToAnalyze="[email protected]";
EmailEvents
| where RecipientEmailAddress==UserToAnalyze
| project RecipientEmailAddress, ThreatTypes
| evaluate pivot(ThreatTypes)
| sort by RecipientEmailAddress asc

Thank you to Microsoft for publishing this query on GitHub.

Share this post
← Older Leaked Credentials Search in Microsoft Sentinel Newer → Using ChatGPT to Describe Code

About

Greg Vedders writes about information security, troubleshooting, photography, and the occasional unexpected fix.

Recent Posts

  • Automating CatPosters.us With a Gemini and WordPress Bot
  • Teaching Git: What I Covered in Class
  • Introducing Signage Suite — Self-Hosted Wall Displays in PHP
  • Rebuilding gregvedders.com Without a Hugo Theme
  • Hardening a Public Honeypot Server

Tags

Microsoft Microsoft Sentinel Security

Related Posts

  • Leaked Credentials Search in Microsoft Sentinel
  • Logon and Logoff Times for Windows Users (Splunk)
© Greg Vedders 2026