
O365 Inbox Rules

Anvilogic Forge

Summary
The O365 Inbox Rules detection rule identifies potentially malicious activity involving email inbox rules in Microsoft Office 365 environments. It focuses on the moment an inbox rule is newly created, modified, or enabled, which can indicate that a threat actor is manipulating mail flow, for example to redirect sensitive messages or to keep security alerts and other mail out of the user's view. The rule matches the PowerShell cmdlets `New-InboxRule`, `Set-InboxRule`, and `Enable-InboxRule` in the Office 365 audit logs, so that unauthorized or suspicious inbox rule changes are surfaced as they are logged. The statistics the rule produces list the user accounts, client IP addresses, and request parameters involved, giving security teams what they need to triage and respond promptly. The rule is relevant because known adversaries such as Lapsus$ and SEABORGIUM have used targeted email manipulation of this kind.
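As an added illustration (not the Forge rule's own logic), the filtering and grouping the summary describes, run in Python over a constructed set of Office 365 Unified Audit Log records. The field names (`Workload`, `Operation`, `UserId`, `ClientIP`, `Parameters`) follow the audit log schema; the sample users, addresses and rule values are made up.

```python
from collections import defaultdict

# Constructed Unified Audit Log records (Exchange workload), trimmed to the
# fields this detection uses. None of these values come from a real tenant.
SAMPLE_AUDIT_LOG = [
    {"CreationTime": "2024-02-09T10:12:03", "Workload": "Exchange",
     "Operation": "New-InboxRule", "UserId": "alice@example.com",
     "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "ext@example.net"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2024-02-09T10:15:44", "Workload": "Exchange",
     "Operation": "Set-Mailbox", "UserId": "bob@example.com",       # not watched
     "ClientIP": "203.0.113.11",
     "Parameters": [{"Name": "Identity", "Value": "bob"}]},
    {"CreationTime": "2024-02-09T10:20:01", "Workload": "Exchange",
     "Operation": "Enable-InboxRule", "UserId": "alice@example.com",
     "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Identity", "Value": "."}]},
    {"CreationTime": "2024-02-09T11:02:19", "Workload": "Exchange",
     "Operation": "Set-InboxRule", "UserId": "carol@example.com",
     "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "Identity", "Value": "Invoices"},
                    {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
]

# The three cmdlets the rule keys on: rule created, changed, or switched on.
INBOX_RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Enable-InboxRule"}


def inbox_rule_events(records):
    """Yield Exchange audit records whose Operation is one of the watched cmdlets."""
    for rec in records:
        if rec.get("Workload") == "Exchange" and rec.get("Operation") in INBOX_RULE_OPERATIONS:
            yield rec


def summarize(records):
    """Group hits by (UserId, ClientIP): hit count, cmdlets seen, and the request
    parameters flattened to 'Name=Value' strings so an analyst can review them."""
    stats = defaultdict(lambda: {"count": 0, "operations": set(), "parameters": []})
    for rec in inbox_rule_events(records):
        entry = stats[(rec["UserId"], rec.get("ClientIP", ""))]
        entry["count"] += 1
        entry["operations"].add(rec["Operation"])
        entry["parameters"].extend(f'{p["Name"]}={p["Value"]}' for p in rec.get("Parameters", []))
    return dict(stats)


if __name__ == "__main__":
    for (user, ip), entry in summarize(SAMPLE_AUDIT_LOG).items():
        print(user, ip, entry["count"], sorted(entry["operations"]), entry["parameters"])
```

The flattened parameters are where the triage signal lives: a rule named "." that forwards externally and deletes the original is a very different finding from one that moves invoices to a folder, even though both match the rule.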
Categories
  • Cloud
  • Identity Management
Data Sources
  • Cloud Service
  • User Account
  • Application Log
ATT&CK Techniques
  • T1114
  • T1114.003
Created: 2024-02-09