Microsoft Exchange Logs

Overview

Evidence: Microsoft Exchange Logs
Description: Collect Microsoft Exchange Logs
Category: Applications
Platform: windows
Short Name: exchl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Microsoft Exchange Server logs track email message flow, client connections, transport events, and search operations. Exchange is a critical enterprise email and collaboration platform frequently targeted by attackers.

Data Collected

This collector gathers Microsoft Exchange log files from the Exchange server's Logging directories.

Collection Method

This collector gathers Exchange logs from the Exchange Logging directories, including transport logs, search diagnostics, ETL traces, and transport role logs.

Forensic Value

Exchange logs are vital for investigating email-based attacks, data exfiltration, mailbox compromises, and lateral movement. They reveal message tracking, authentication attempts, and suspicious email patterns that may indicate phishing or business email compromise (BEC) attacks.
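To show what "suspicious email patterns" in message tracking data look like in practice, here is an added Python example; it is not part of the collector or of this documentation. It parses a constructed log sample laid out like Exchange's message tracking CSV (a `#Fields:` header followed by comma-separated rows) and surfaces two of the patterns the paragraph above mentions: a single sender pushing a large volume of bytes to external recipients (possible exfiltration) and an external sender delivering one message to an unusually large recipient count (possible phishing). The column names, the internal domain `corp.example`, and the thresholds are assumptions for the example.

```python
"""Triage helpers for Exchange message tracking log lines (added example).

The '#Fields:' header and the data rows below are constructed to resemble the
message tracking CSV layout; column names are assumptions, not taken from the
collector documentation.
"""
import csv
from collections import defaultdict

# Constructed sample: comment lines start with '#', the '#Fields:' line names the columns.
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Fields: date-time,client-ip,event-id,recipient-address,recipient-count,total-bytes,sender-address,directionality,message-subject
2024-01-15T08:00:01.000Z,10.0.0.5,RECEIVE,alice@corp.example,1,12000,bob@corp.example,Originating,Q1 budget
2024-01-15T08:05:10.000Z,10.0.0.5,SEND,partner@vendor.example,1,9500000,alice@corp.example,Outgoing,archive.zip
2024-01-15T08:06:11.000Z,10.0.0.5,SEND,drop@mail-box.example,1,8800000,alice@corp.example,Outgoing,archive2.zip
2024-01-15T08:07:12.000Z,10.0.0.5,SEND,drop@mail-box.example,1,9100000,alice@corp.example,Outgoing,archive3.zip
2024-01-15T09:00:00.000Z,203.0.113.9,RECEIVE,all-staff@corp.example,350,4000,ceo@corp-example.test,Incoming,Urgent wire transfer
"""


def parse_tracking_log(text):
    """Return one dict per data row, keyed by the names from the '#Fields:' header."""
    fields = None
    rows = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if not line.strip() or line.startswith("#"):
            continue  # other comment lines (e.g. '#Software:') carry no row data
        if fields is None:
            raise ValueError("data row encountered before a '#Fields:' header")
        values = next(csv.reader([line]))  # csv handles quoted subjects containing commas
        rows.append(dict(zip(fields, values)))
    return rows


def _is_internal(address, internal_domain):
    return address.lower().endswith("@" + internal_domain.lower())


def external_outbound_bytes(rows, internal_domain):
    """Sum bytes each sender delivered (SEND events) to recipients outside internal_domain."""
    totals = defaultdict(int)
    for r in rows:
        if r["event-id"] != "SEND":
            continue
        if _is_internal(r["recipient-address"], internal_domain):
            continue
        totals[r["sender-address"].lower()] += int(r["total-bytes"])
    return dict(totals)


def bulk_external_inbound(rows, internal_domain, min_recipients=100):
    """Incoming RECEIVE events from external senders addressed to many recipients at once."""
    hits = []
    for r in rows:
        if r["event-id"] != "RECEIVE" or r["directionality"] != "Incoming":
            continue
        if _is_internal(r["sender-address"], internal_domain):
            continue
        count = int(r["recipient-count"])
        if count >= min_recipients:
            hits.append((r["sender-address"], r["client-ip"], count, r["message-subject"]))
    return hits


def triage(text, internal_domain, byte_threshold=20_000_000):
    """Run both checks and return senders/messages that cross the (assumed) thresholds."""
    rows = parse_tracking_log(text)
    heavy = {s: b for s, b in external_outbound_bytes(rows, internal_domain).items() if b >= byte_threshold}
    return {"heavy_external_senders": heavy, "bulk_external_inbound": bulk_external_inbound(rows, internal_domain)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, "corp.example").items():
        print(key, value)
```

Real tracking logs carry many more columns than the sample; because the parser keys rows by the `#Fields:` header rather than by position, the same functions work unchanged as long as the referenced column names are present. Thresholds should be tuned to the organisation's normal mail volume before the output is treated as an indicator.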
