
Summary
This detection rule identifies emails that users have reported as phishing or malware in an Office 365 environment and turns each report into an alert for the security team. User reports matter because automated filtering does not catch every sophisticated message; the rule treats a report as a signal in its own right and correlates it with other security events so that genuine threats are recognised sooner. Investigation steps include reviewing the alert details (reporting user, sender, subject, time of receipt), examining the underlying event dataset for context, correlating the reported message with other security incidents (for example the same sender or URL reported by several users, or related alerts on the same account), verifying the reported indicators against threat intelligence, and checking what the reporting user did after receiving the message, such as link clicks, attachment opens or sign-ins. Because users also report legitimate bulk mail and internal messages, the rule discusses how to handle false positives, and it gives incident response guidance for confirmed cases. Alerting on user reports closes the gap between a user noticing a suspicious email and the security team acting on it.
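The correlation the summary describes, as an added illustration that is not the rule's own query or the vendor's code: the function picks out the user-report alerts, groups them by sender to spot a campaign (several users reporting one sender) versus a lone report that may be a false positive, and collects each reporting user's clicks and sign-ins in a window around the report. The flat field names (`provider`, `action`, `rule`, `user`, `sender`) and the sample events are constructed for the example and stand in for the Office 365 audit fields a real pipeline would map into this shape.

```python
"""Triage Office 365 user phishing reports against nearby user activity.

Illustrative code, not the detection rule itself. Field names are assumptions
modelled loosely on ECS-style fields; the events below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Alert name assumed for the user-report alert raised by the compliance center.
REPORT_RULE_NAME = "Email reported by user as malware or phish"
ACTIVITY_OF_INTEREST = {"ClickedUrl", "UserLoggedIn"}

# Constructed sample events (not real telemetry); timestamps are UTC.
SAMPLE_EVENTS = [
    # Two users report the same sender within minutes: likely a real campaign.
    {"ts": "2022-01-12T09:00:00Z", "provider": "SecurityComplianceCenter",
     "action": "AlertTriggered", "rule": REPORT_RULE_NAME, "outcome": "success",
     "user": "alice@example.com", "sender": "billing@invoice-portal.test"},
    {"ts": "2022-01-12T09:04:00Z", "provider": "SecurityComplianceCenter",
     "action": "AlertTriggered", "rule": REPORT_RULE_NAME, "outcome": "success",
     "user": "bob@example.com", "sender": "billing@invoice-portal.test"},
    # Alice clicked a link shortly before reporting, then signed in from a new address.
    {"ts": "2022-01-12T08:57:00Z", "provider": "Exchange", "action": "ClickedUrl",
     "user": "alice@example.com", "url": "http://invoice-portal.test/login"},
    {"ts": "2022-01-12T09:20:00Z", "provider": "AzureActiveDirectory",
     "action": "UserLoggedIn", "user": "alice@example.com", "source_ip": "203.0.113.77"},
    # A single report of a mailing-list sender: plausible false positive.
    {"ts": "2022-01-12T10:30:00Z", "provider": "SecurityComplianceCenter",
     "action": "AlertTriggered", "rule": REPORT_RULE_NAME, "outcome": "success",
     "user": "carol@example.com", "sender": "newsletter@vendor.example"},
    # A different alert type that the filter must ignore.
    {"ts": "2022-01-12T10:31:00Z", "provider": "SecurityComplianceCenter",
     "action": "AlertTriggered", "rule": "Suspicious email sending patterns detected",
     "outcome": "success", "user": "dave@example.com", "sender": "dave@example.com"},
]


def _ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def user_report_alerts(events):
    """Select only successful compliance-center alerts for the user-report rule."""
    return [e for e in events
            if e.get("provider") == "SecurityComplianceCenter"
            and e.get("action") == "AlertTriggered"
            and e.get("rule") == REPORT_RULE_NAME
            and e.get("outcome") == "success"]


def campaign_clusters(alerts, min_reporters=2):
    """Senders reported by at least `min_reporters` distinct users."""
    reporters = defaultdict(set)
    for alert in alerts:
        reporters[alert["sender"]].add(alert["user"])
    return {sender: sorted(users) for sender, users in reporters.items()
            if len(users) >= min_reporters}


def surrounding_activity(events, alerts, before=timedelta(minutes=30), after=timedelta(hours=1)):
    """For each report, the reporting user's clicks and sign-ins around the report time.

    The window starts before the report because the user may have clicked
    before deciding the message was suspicious.
    """
    results = []
    for alert in alerts:
        t0 = _ts(alert["ts"])
        hits = [e for e in events
                if e.get("user") == alert["user"]
                and e.get("action") in ACTIVITY_OF_INTEREST
                and t0 - before <= _ts(e["ts"]) <= t0 + after]
        results.append({"report": alert, "activity": sorted(hits, key=lambda e: e["ts"])})
    return results


def triage(events):
    """Summarise reports, likely campaigns and per-user follow-up activity."""
    alerts = user_report_alerts(events)
    return {"reports": len(alerts),
            "campaigns": campaign_clusters(alerts),
            "activity": surrounding_activity(events, alerts)}


if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS)
    print(f"{summary['reports']} user reports; campaigns: {summary['campaigns']}")
    for item in summary["activity"]:
        actions = [e["action"] for e in item["activity"]] or ["no follow-up activity"]
        print(f"  {item['report']['user']} -> {item['report']['sender']}: {', '.join(actions)}")
```

Run against the sample, the two reports of `billing@invoice-portal.test` form a cluster while Carol's lone report does not, and only Alice shows a click followed by a sign-in inside the window, which is the case an analyst would escalate first. In a real deployment the window sizes and the list of actions of interest should be tuned to the tenant's audit volume.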
Categories
- Cloud
- Identity Management
Data Sources
- User Account
- Application Log
- Web Credential
ATT&CK Techniques
- T1566
- T1566.001
- T1566.002
Created: 2022-01-12