Talk With an Expert

Demystifying BEC Threat Detection in Microsoft 365

  • Thu, Apr 17, 2025
  • 1:00PM - 2:00PM UTC
  • English
  • Lydia Graslie
  • Technical Presentation
Webcast Hero

When it comes to threat detection on Business Email Compromise (BEC) in Microsoft 365, a new engineer can quickly become overwhelmed- which log sources contain the events I need? Which events do I need to look for? How do I make sure I'm getting all the events I need? Finally, how do I create good detections with the events I'm getting? This webcast familiarizes new threat detection engineers with critical log sources and provides guidance on creating production-ready detections.

Learning Objectives

  • Understand log events related to Business Email Compromise (BEC)
  • Familiarization with log sources in Entra ID and Microsoft 365
  • Understanding and enabling mailbox auditing events
  • Creating and tuning detections in KQL

Meet the speaker

Lydia Graslie
Lydia Graslie

Lydia Graslie

Detection Engineer

Lydia Graslie is a Threat Detection Engineer at a Fortune 500 specializing in SaaS security.

Read more about Lydia Graslie
Demystifying BEC Threat Detection in Microsoft 365 | SANS Institute