TP: If you're able to validate that inbox rule was designed by an OAuth third-bash application with suspicious scopes sent from an not known supply, then a true positive is indicated. This part describes alerts indicating that a malicious actor can be trying to steal data of interest to https://saulp889sni4.vblogetin.com/profile
