TP: If you can ensure that inbox rule was made by an OAuth 3rd-get together application with suspicious scopes shipped from an unfamiliar resource, then a true positive is detected. New application with mail permissions acquiring very low consent pattern Severity: Medium This detection identifies OAuth apps developed recently https://willa487lly8.luwebs.com/profile
