New-InboxRule cmdlet needs CreationDate added
When an account compromise happens, the majority of times the threat actor will create a new-inboxrule to hide their activity. Currently when new-inboxrules are created there is no logging for the Creation Date via powershell cmdlet. If we could get this logged, it would help tremendously with account compromises. Also adding a historical rule creation view for past 90 days would be beneficial as well.
Yes, we need to have unlimited data on when things were created and from what IP too. This to me is basic stuff.
any object which can be created and changed should have creation/modification dates, not just Rules
I can't believe the date and time stamps aren't on this by default. I'd like to speak to the person who thought that was a good idea...
Absolutely. Definitely need to be able to see the date/time of creation via get-inboxrule!
Product team: see this entry asking for the same thing: https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/34488787-get-inboxrule-cmdlet-should-expose-creation-date
Couldn't agree more, and the creation date (WhenCreated) should also be exposed to the Get-Inboxrule cmdlet as well. We'd like to create a report using powershell for all recent inbox rules, to try and catch compromised accounts in an early stage. This is now impossible due to the creation date missing.