Evidence: Microsoft Exchange Logs
Description: Collect Microsoft Exchange Logs
Category: Applications
Platform: windows
Short Name: exchl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Microsoft Exchange Server logs track email message flow, client connections, transport events, and search operations. Exchange is a critical enterprise email and collaboration platform frequently targeted by attackers.
Data Collected
This collector gathers structured data about Microsoft Exchange logs.
Collection Method
This collector gathers Exchange logs from the Exchange server's Logging directories, including transport logs, search diagnostics, ETL traces, and transport role logs.
Forensic Value
Exchange logs are vital for investigating email-based attacks, data exfiltration, mailbox compromises, and lateral movement. They reveal message tracking, authentication attempts, and suspicious email patterns that may indicate phishing or business email compromise (BEC) attacks.