
Summary
This detection rule identifies exports of content search results from the Office 365 Security and Compliance Center. It keys on the SearchExported operation in the o365_management_activity data source and raises an alert whenever such an export is recorded. Exporting search results can move large volumes of mailbox and document content out of the tenant in one step, so the activity is a plausible data exfiltration path and warrants review. The rule captures the relevant metadata, including the user who performed the export and the details of the exported search. Because eDiscovery and compliance staff also export search results as part of normal work, triage should compare the exporting account against the set of personnel authorized to run exports and consider whether the search scope, timing, or source address is unusual for that account.
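The following is an added example of the detection logic described above, run over a few constructed Office 365 Management Activity events; it is not the rule's own search or code from the original page. Field names follow the Management Activity API schema (Operation, UserId, ClientIP, CreationTime, Workload, ObjectId), but the sample events, user principal names, search names and the assumption that ObjectId carries the content search name are all made up for illustration.

```python
import json
from typing import Iterable

# Constructed sample events in the Office 365 Management Activity API shape.
# None of these come from a real tenant; the names are invented for this example.
SAMPLE_EVENTS = [
    json.dumps({"CreationTime": "2024-11-14T09:12:03", "Operation": "SearchCreated",
                "Workload": "SecurityComplianceCenter",
                "UserId": "ediscovery.admin@contoso.example",
                "ClientIP": "203.0.113.10", "ObjectId": "HR-Investigation-2024"}),
    json.dumps({"CreationTime": "2024-11-14T09:40:51", "Operation": "SearchExported",
                "Workload": "SecurityComplianceCenter",
                "UserId": "ediscovery.admin@contoso.example",
                "ClientIP": "203.0.113.10", "ObjectId": "HR-Investigation-2024"}),
    json.dumps({"CreationTime": "2024-11-14T10:05:17", "Operation": "MailItemsAccessed",
                "Workload": "Exchange", "UserId": "j.doe@contoso.example",
                "ClientIP": "198.51.100.7", "ObjectId": "j.doe@contoso.example"}),
    "this line is not valid json and must be skipped",
    json.dumps({"CreationTime": "2024-11-14T23:58:09", "Operation": "SearchExported",
                "Workload": "SecurityComplianceCenter",
                "UserId": "j.doe@contoso.example",
                "ClientIP": "198.51.100.7", "ObjectId": "All-Mailboxes-Sweep"}),
]

# Accounts permitted to export content search results (hypothetical allowlist).
AUTHORIZED_EXPORTERS = frozenset({"ediscovery.admin@contoso.example"})


def is_search_export(event: dict) -> bool:
    """True when the event records a content search export (the Operation the rule keys on)."""
    return event.get("Operation") == "SearchExported"


def detect_search_exports(lines: Iterable[str],
                          authorized_users: frozenset = AUTHORIZED_EXPORTERS) -> list[dict]:
    """Parse raw activity lines, keep SearchExported events and return one alert per export.

    Each alert carries the metadata an analyst needs for triage: who exported,
    which search (ObjectId is assumed to hold the search name), from where and when,
    plus whether the account is on the authorized-exporter allowlist.
    Malformed lines are skipped rather than aborting the scan.
    """
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(event, dict) or not is_search_export(event):
            continue
        user = str(event.get("UserId", "")).lower()
        alerts.append({
            "time": event.get("CreationTime"),
            "user": user,
            "search": event.get("ObjectId"),
            "client_ip": event.get("ClientIP"),
            "workload": event.get("Workload"),
            "authorized": user in authorized_users,
        })
    return alerts


def unauthorized_exports(alerts: list[dict]) -> list[dict]:
    """Filter alerts down to exports performed by accounts outside the allowlist."""
    return [a for a in alerts if not a["authorized"]]


if __name__ == "__main__":
    found = detect_search_exports(SAMPLE_EVENTS)
    for alert in found:
        flag = "OK " if alert["authorized"] else "REVIEW"
        print(f"{flag} {alert['time']} {alert['user']} exported '{alert['search']}' from {alert['client_ip']}")
```

Every SearchExported event becomes an alert, matching the rule's behaviour; the allowlist check only annotates the alert so the analyst can prioritize the export by the non-eDiscovery account, not suppress it.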
Categories
- Cloud
- Identity Management
Data Sources
- User Account
- Cloud Service
ATT&CK Techniques
- T1114
- T1114.002
Created: 2024-11-14