Microsoft Graph

Microsoft Graph skills and workflows surfaced by the site skill importer.

6 skills
detecting-business-email-compromise

by mukul975

The detecting-business-email-compromise skill helps analysts, SOC teams, and incident responders identify BEC attempts using email-header checks, social-engineering clues, detection logic, and response-oriented workflows. Use it as a practical detecting-business-email-compromise guide for triage, validation, and containment.

Incident Response
Favorites 0 | GitHub 6.1k
detecting-azure-lateral-movement

by mukul975

detecting-azure-lateral-movement helps security analysts hunt lateral movement in Azure AD/Entra ID and Microsoft Sentinel using Microsoft Graph audit logs, sign-in telemetry, and KQL correlation. Use it for incident triage, detection engineering, and security audit workflows covering consent abuse, service principal misuse, token theft, and cross-tenant pivoting.

Security Audit
Favorites 0 | GitHub 6.1k
detecting-email-forwarding-rules-attack

by mukul975

The detecting-email-forwarding-rules-attack skill helps Security Audit, threat hunting, and incident response teams find malicious mailbox forwarding rules used for persistence and email collection. It guides analysts through Microsoft 365 and Exchange evidence, suspicious rule patterns, and practical triage for forwarding, redirect, delete, and hide behaviors.

Security Audit
Favorites 0 | GitHub 0
detecting-email-account-compromise

by mukul975

detecting-email-account-compromise helps incident responders and SOC analysts investigate Microsoft 365 and Google Workspace mailbox takeover by checking suspicious sign-ins, inbox rule abuse, external forwarding, OAuth grants, and Graph/audit-log activity. Use it as a practical detecting-email-account-compromise guide for fast triage.

Incident Response
Favorites 0 | GitHub 0
detecting-business-email-compromise-with-ai

by mukul975

Detect business email compromise with AI using NLP, stylometry, behavioral signals, and relationship context. This detecting-business-email-compromise-with-ai skill helps SOC, fraud, and Security Audit teams score suspicious emails, explain risk signals, and decide whether to quarantine, warn, or escalate.

Security Audit
Favorites 0 | GitHub 0
detecting-anomalous-authentication-patterns

by mukul975

detecting-anomalous-authentication-patterns helps analyze authentication logs for impossible travel, brute force, password spraying, credential stuffing, and compromised-account activity. Built for Security Audit, SOC, IAM, and incident response workflows with baseline-aware detection and evidence-backed sign-in analysis.

Security Audit
Favorites 0 | GitHub 0