From 750d63d98eb58292ef5735294655d1204d739255 Mon Sep 17 00:00:00 2001
From: Shain <45466083+shainw@users.noreply.github.com>
Date: Mon, 3 Feb 2025 10:20:32 -0800
Subject: [PATCH] Update MailItemsAccessedTimeSeries.yaml
---
 .../Analytic Rules/MailItemsAccessedTimeSeries.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Solutions/Microsoft 365/Analytic Rules/MailItemsAccessedTimeSeries.yaml b/Solutions/Microsoft 365/Analytic Rules/MailItemsAccessedTimeSeries.yaml
index bfd73e4c4e..03a770a12e 100644
--- a/Solutions/Microsoft 365/Analytic Rules/MailItemsAccessedTimeSeries.yaml
+++ b/Solutions/Microsoft 365/Analytic Rules/MailItemsAccessedTimeSeries.yaml
@@ -5,7 +5,7 @@ description: |
 The query leverages KQL built-in anomaly detection algorithms to find large deviations from baseline patterns.
 Sudden increases in execution frequency of sensitive actions should be further investigated for malicious activity.
 Manually change scorethreshold from 1.5 to 3 or higher to reduce the noise based on outliers flagged from the query criteria.
- Read more about MailItemsAccessed- https://docs.microsoft.com/microsoft-365/compliance/advanced-audit?view=o365-worldwide#mailitemsaccessed'
+ Read more about MailItemsAccessed- https://learn.microsoft.com/en-us/purview/audit-log-investigate-accounts'
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -76,5 +76,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: SourceIPMax
-version: 2.0.5
-kind: Scheduled
\ No newline at end of file
+version: 2.0.6
+kind: Scheduled
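Review bot: On the added `Read more about MailItemsAccessed-` line, the closing `'` still sits directly against the new URL. Because the text lives inside a `description: |` block scalar, that quote is a literal character, so a renderer that auto-links the description may pull it into the link and send the analyst to a broken page during triage. The description's opening line is outside this hunk, so the quote presumably pairs with one there; either drop the pair or separate it from the link, e.g. `Read more about MailItemsAccessed: https://learn.microsoft.com/purview/audit-log-investigate-accounts`. That form also drops the `en-us` segment, which otherwise pins the page language instead of letting the site redirect to the reader's locale.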