Mailbox Export to Exchange Webserver

Sigma Rules

Summary
This rule detects anomalous behavior associated with the export of Exchange mailboxes that may indicate an attempt to plant a web shell or to misuse mailbox management roles. It specifically identifies successful exports written to unusual directories or to files with an '.aspx' suffix, both of which are commonly associated with unauthorized web access. The detection logic covers commands related to mailbox export requests and management role assignments, focusing in particular on the use of 'New-MailboxExportRequest' and 'New-ManagementRoleAssignment'. The rule's critical level means that any trigger warrants immediate investigation.
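The following is an added illustration of the detection logic the summary describes, written for this page and not the Sigma rule itself. It runs the three checks the summary names (a completed 'New-MailboxExportRequest' whose '-FilePath' ends in '.aspx', one whose destination directory is outside an allowlist of expected export shares, and a 'New-ManagementRoleAssignment' granting the mailbox export role) over a handful of constructed admin-audit-style events. The allowlisted share, the event format, the sample paths, and the role name "Mailbox Import Export" (an Exchange built-in role the page does not itself mention) are all assumptions of the example.

```python
import re
from typing import Dict, List, Tuple

# Assumed allowlist of legitimate export destinations (constructed for this example).
# Paths are compared in lower case with backslashes, trailing separator included.
ALLOWED_EXPORT_DIRS = ("\\\\exch01\\exports\\",)

# Role name that confers mailbox export rights; an Exchange built-in role,
# but an assumption here since the page does not name it.
EXPORT_ROLE = "mailbox import export"

# Captures the -FilePath argument whether double-quoted, single-quoted or bare.
FILEPATH_RE = re.compile(
    r"-FilePath\s+(?:\"([^\"]+)\"|'([^']+)'|(\S+))", re.IGNORECASE
)

# Constructed sample events in a hypothetical admin-audit shape:
# "cmd" is the cmdlet invocation, "succeeded" whether the request completed.
SAMPLE_EVENTS: List[Dict] = [
    {"id": 1, "succeeded": True,
     "cmd": "New-MailboxExportRequest -Mailbox alice -FilePath \\\\EXCH01\\exports\\alice.pst"},
    {"id": 2, "succeeded": True,
     "cmd": 'New-MailboxExportRequest -Mailbox bob -FilePath "C:\\inetpub\\wwwroot\\aspnet_client\\out.aspx"'},
    {"id": 3, "succeeded": False,
     "cmd": "New-MailboxExportRequest -Mailbox carol -FilePath C:\\temp\\carol.aspx"},
    {"id": 4, "succeeded": True,
     "cmd": 'New-ManagementRoleAssignment -Role "Mailbox Import Export" -User svc-backup'},
    {"id": 5, "succeeded": True,
     "cmd": "Get-Mailbox -Identity alice"},
]


def extract_filepath(cmd: str):
    """Return the -FilePath value from a cmdlet string, or None if absent."""
    m = FILEPATH_RE.search(cmd)
    if not m:
        return None
    return next(g for g in m.groups() if g)


def parent_dir(path: str) -> str:
    """Lower-cased directory portion of a Windows/UNC path, with trailing backslash."""
    p = path.replace("/", "\\").lower()
    idx = p.rfind("\\")
    return p[: idx + 1] if idx >= 0 else ""


def evaluate(event: Dict) -> List[str]:
    """Apply the rule's checks to one event and return the reasons it matched."""
    cmd = event.get("cmd", "")
    lowered = cmd.lower()
    reasons: List[str] = []

    # Check 1: a role assignment that grants mailbox export capability.
    if "new-managementroleassignment" in lowered and EXPORT_ROLE in lowered:
        reasons.append("role assignment grants mailbox export rights")

    # Checks 2 and 3 apply only to exports that actually completed.
    if "new-mailboxexportrequest" in lowered and event.get("succeeded"):
        path = extract_filepath(cmd)
        if path is None:
            reasons.append("completed export with no parseable -FilePath")
        else:
            if path.lower().endswith(".aspx"):
                reasons.append("export destination has .aspx suffix")
            if not parent_dir(path).startswith(ALLOWED_EXPORT_DIRS):
                reasons.append(f"export destination outside allowlisted shares: {path}")
    return reasons


def scan(events: List[Dict]) -> List[Tuple[int, str]]:
    """Run evaluate() over a batch and flatten to (event id, reason) pairs."""
    return [(e["id"], r) for e in events for r in evaluate(e)]


if __name__ == "__main__":
    for event_id, reason in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: {reason}")
```

Event 1 (a .pst written to the allowlisted share) produces nothing, event 2 trips both the '.aspx' and the unexpected-directory checks, event 3 is ignored because the export did not complete, and event 4 is flagged for the role assignment alone. In production the allowlist would be populated from the organisation's real export shares, and the '.aspx' check is worth keeping even for otherwise allowlisted directories, as shown here.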
Categories
  • Network
  • Endpoint
  • Windows
  • Cloud
Data Sources
  • User Account
  • Process
  • Application Log
Created: 2021-08-09