
Summary
The PST Export Alert using 'New-ComplianceSearchAction' is designed to monitor for potentially unauthorized exports of PST files via the Microsoft 365 Compliance Center. This detection rule triggers an alert when a user executes a PST export through the PowerShell cmdlet 'New-ComplianceSearchAction' with the '-Export' parameter. It is particularly relevant in environments where eDiscovery search or export alerts may be disabled, providing an additional layer of visibility into sensitive data exfiltration. The rule focuses on PowerShell commands run in the Exchange Online context, allowing organizations to identify when personal storage table (PST) files are exported, which may indicate malicious activity. Because exporting PST files can have legitimate reasons, such as data migrations or user requests, the rule is designed to minimize false positives while emphasizing the importance of monitoring such actions. A clear description of the use case helps security teams investigate these events appropriately, maintaining business continuity without compromising security.
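The following is an added example of the detection logic described above, written for this page and not taken from the rule's own source. It runs over constructed audit records shaped like Microsoft 365 unified audit log entries (the field names CreationTime, UserId, Workload, Operation and Parameters, and the list-of-name/value shape of Parameters, are assumptions), flags 'New-ComplianceSearchAction' invocations that carry the '-Export' switch, and tags alerts from an assumed approved-exporter list as lower priority to keep false positives from migrations or eDiscovery staff manageable. It also accepts the Parameters field as a single command-line-style string, which goes slightly beyond the list form.

```python
import re
from typing import Any, Dict, Iterable, List, Optional, Set

# Constructed sample records (not real log data). Field names follow the
# unified audit log shape as an assumption for this example.
SAMPLE_LOG: List[Dict[str, Any]] = [
    {   # PST export run from the Compliance Center: should alert
        "CreationTime": "2022-11-17T09:12:41", "UserId": "admin@contoso.example",
        "Workload": "SecurityComplianceCenter", "Operation": "New-ComplianceSearchAction",
        "Parameters": [{"Name": "SearchName", "Value": "HR-Case-1"},
                       {"Name": "Export", "Value": "True"},
                       {"Name": "Format", "Value": "FxStream"}],
    },
    {   # Same cmdlet, but only a preview action: no alert
        "CreationTime": "2022-11-17T09:15:02", "UserId": "analyst@contoso.example",
        "Workload": "SecurityComplianceCenter", "Operation": "New-ComplianceSearchAction",
        "Parameters": [{"Name": "SearchName", "Value": "HR-Case-1"},
                       {"Name": "Preview", "Value": "True"}],
    },
    {   # Unrelated Exchange admin cmdlet: no alert
        "CreationTime": "2022-11-17T09:20:10", "UserId": "admin@contoso.example",
        "Workload": "Exchange", "Operation": "Set-Mailbox",
        "Parameters": [{"Name": "Identity", "Value": "jdoe"}],
    },
    {   # Parameters recorded as one command-line string, export by an approved actor
        "CreationTime": "2022-11-17T10:01:33", "UserId": "ediscovery@contoso.example",
        "Workload": "SecurityComplianceCenter", "Operation": "new-compliancesearchaction",
        "Parameters": '-SearchName "Legal-Hold-7" -Export -Format FxStream',
    },
    {   # Export switch explicitly bound to False: treated as not an export
        "CreationTime": "2022-11-17T10:05:00", "UserId": "analyst@contoso.example",
        "Workload": "SecurityComplianceCenter", "Operation": "New-ComplianceSearchAction",
        "Parameters": [{"Name": "SearchName", "Value": "HR-Case-2"},
                       {"Name": "Export", "Value": "False"}],
    },
]

# Matches "-Name" optionally followed by a value that is not itself a switch.
_PARAM_RE = re.compile(r'-(\w+)(?:\s+(?!-)("[^"]*"|\S+))?')


def normalize_parameters(raw: Any) -> Dict[str, str]:
    """Return a lower-cased name -> value map from either the list form or a
    single string form of the Parameters field. A switch with no value maps to "true"."""
    params: Dict[str, str] = {}
    if isinstance(raw, list):
        for item in raw:
            name = str(item.get("Name", "")).lower()
            if name:
                params[name] = str(item.get("Value", "")).strip()
    elif isinstance(raw, str):
        for name, value in _PARAM_RE.findall(raw):
            params[name.lower()] = value.strip('"') if value else "true"
    return params


def is_pst_export(record: Dict[str, Any]) -> bool:
    """True when the record is New-ComplianceSearchAction with an active -Export switch.
    PowerShell names are case-insensitive, so comparisons are lower-cased."""
    if str(record.get("Operation", "")).lower() != "new-compliancesearchaction":
        return False
    export = normalize_parameters(record.get("Parameters")).get("export")
    return export is not None and export.lower() not in ("false", "0", "$false")


def find_pst_exports(records: Iterable[Dict[str, Any]],
                     approved_exporters: Optional[Set[str]] = None) -> List[Dict[str, str]]:
    """Produce one alert per PST export. Actors in the (assumed) approved set are
    still reported, but at low severity so investigators can triage them quickly."""
    approved = {a.lower() for a in (approved_exporters or set())}
    alerts: List[Dict[str, str]] = []
    for rec in records:
        if not is_pst_export(rec):
            continue
        user = str(rec.get("UserId", "")).lower()
        params = normalize_parameters(rec.get("Parameters"))
        alerts.append({
            "time": str(rec.get("CreationTime", "")),
            "user": user,
            "search": params.get("searchname", ""),
            "severity": "low" if user in approved else "high",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_pst_exports(SAMPLE_LOG, {"ediscovery@contoso.example"}):
        print(alert)
```

The approved-exporter list is the knob that keeps the rule quiet for planned migrations; anything outside it surfaces as a high-severity event that an analyst should tie back to a known use case before closing.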
Categories
- Cloud
- Infrastructure
- Identity Management
Data Sources
- User Account
- Cloud Service
Created: 2022-11-17