Account compromise detection
Real-time detection of suspicious mail rules, a high-fidelity indicator of compromise. Rapidly detect and disable them to prevent further account compromise.

Integrate Push with your Microsoft 365 or Google Workspace tenant to get instant visibility into all mail rules created in employee mailboxes.
When a new mail rule is created, Push automatically asks employees to confirm that they created it. If they say they didn't, your security team is immediately alerted using ChatOps so you can kick off an investigation right away.
Minimize an attacker’s window of opportunity by disabling or deleting suspicious mail rules directly from the ChatOps alert. You can also disable and delete mail rules in the Push platform.
Detecting malicious mail rules isn’t just a post-compromise action. It also allows you to prevent attackers from forwarding password reset emails to themselves and compromising additional SaaS accounts.