Hi,
We had an incident which happened two weeks ago, where some emails of a user got deleted. We troubleshot the issue and suspected that his email was compromised, and also found that someone created a rule forwarding emails to a suspicious account.
Is there a way to know from which client and which IP address the emails were deleted? And is there a way to know when and from where the rule was created?
Thanks