TP: If you can confirm that inbox rule was made by an OAuth third-party application with suspicious scopes delivered from an not known supply, then a real positive is indicated. This section describes alerts indicating that a destructive actor may very well be seeking to steal data of interest https://waynef765thy0.empirewiki.com/user
