Microsoft's email server platform (on-premises, and in the cloud via Microsoft 365) used by organizations to manage email communications. It generates email activity logs and is a key data source for phishing investigation and email-based threat detection.
Microsoft Exchange is Microsoft's email platform, available both as an on-premises server deployment and as a cloud service through Microsoft 365. It is the email backbone for a large proportion of enterprise organizations, processing millions of messages daily and generating detailed message trace logs, transport rule events, and mailbox audit records. For security teams, Exchange logs are the primary data source for phishing investigations: they show exactly which users received a malicious email, whether a link in it was clicked, whether forwarding rules were created by an attacker, and whether any data was exfiltrated through email channels. Exchange also integrates with Microsoft Defender for Office 365, which adds sandboxing and detonation capabilities for attachments and URLs, layering threat intelligence on top of the raw message flow data.
Qevlar integrates with Microsoft Exchange to investigate email-based threats as part of automated alert triage. When a phishing campaign or a business email compromise scenario is detected, Qevlar can query Exchange to identify all affected mailboxes, trace the delivery path of malicious messages, and determine whether any attacker-created forwarding rules remain active.
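The investigation steps described above (identify affected mailboxes from message trace, then check those mailboxes for attacker-created forwarding or deletion rules) as a manual Exchange Online PowerShell walkthrough. This is an added example, not Qevlar's code or integration; it assumes the ExchangeOnlineManagement module is installed, that the account holds message-tracking and recipient read permissions, and `$PhishSender` is a constructed placeholder.

```powershell
# Added example (not Qevlar's code): triage one reported phishing sender in Exchange Online.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$PhishSender = 'invoice@example.invalid'   # constructed placeholder, replace with the reported sender
$Since = (Get-Date).AddDays(-7)            # Get-MessageTrace only covers roughly the last 10 days

# 1. Which mailboxes received mail from the sender, and was it delivered or filtered?
$Trace = Get-MessageTrace -SenderAddress $PhishSender -StartDate $Since -EndDate (Get-Date)
$Trace | Select-Object Received, RecipientAddress, Subject, Status |
    Sort-Object Received | Format-Table -AutoSize

# Only mailboxes where the message actually landed need the follow-up checks.
$Affected = $Trace | Where-Object Status -eq 'Delivered' |
    Select-Object -ExpandProperty RecipientAddress -Unique

foreach ($Mailbox in $Affected) {
    # 2. Inbox rules that forward, redirect or silently delete mail: the persistence
    #    typically left behind after a mailbox compromise. Disabled rules are listed too,
    #    since an attacker may re-enable them later.
    Get-InboxRule -Mailbox $Mailbox |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage } |
        Select-Object @{n='Mailbox';e={$Mailbox}}, Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage

    # 3. Mailbox-level forwarding is set outside inbox rules and is easy to miss; check it as well.
    Get-Mailbox -Identity $Mailbox |
        Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
        Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward
}

Disconnect-ExchangeOnline -Confirm:$false
```

Any rule or forwarding address returned by steps 2 and 3 that the mailbox owner did not create is an indicator of compromise and should be removed only after the evidence has been preserved.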