This alert identifies internal hosts using IMAP/POP3 email accounts. Users should not be allowed to use unsanctioned email clients.
MITRE ATT&CK Tactics
Command and Control
Personally managed devices used in the corporate network
1. Block this specific application at the perimeter firewall (applicable to NGFW).
2. Notify the user about improper use of technology, based on the organization's AUP standard.
3. Perform an AV/AM scan of the user's machine (applicable to corporate managed systems).
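
One way to express the check this alert describes, added here as an example and not the alerting product's own logic. It assumes CSV flow records (source, destination, destination port), the standard IMAP/POP3 ports, RFC 1918 internal ranges and a hypothetical sanctioned mail server `10.0.5.25`; the sample records are constructed.

```python
import ipaddress

# Standard IANA ports for the mail-retrieval protocols named in the alert.
MAIL_PORTS = {110: "POP3", 995: "POP3S", 143: "IMAP", 993: "IMAPS"}

# Assumptions: internal address space and the sanctioned mail server(s).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SANCTIONED_SERVERS = {ipaddress.ip_address("10.0.5.25")}

# Constructed sample flow records: src,dst,dst_port
SAMPLE_FLOWS = """\
10.0.1.15,203.0.113.10,993
10.0.1.15,203.0.113.10,993
10.0.1.22,10.0.5.25,143
10.0.2.40,198.51.100.7,110
10.0.2.40,198.51.100.7,443
203.0.113.50,10.0.5.25,993
10.0.3.9,192.0.2.33,bad
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_unsanctioned_mail_clients(flow_text):
    """Return {internal_host: sorted [(server, protocol), ...]} for
    IMAP/POP3 flows to servers outside the sanctioned list."""
    findings = {}
    for line in flow_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        if port not in MAIL_PORTS or not is_internal(src):
            continue  # not mail retrieval, or not initiated by an internal host
        if dst in SANCTIONED_SERVERS:
            continue  # approved corporate mail server
        findings.setdefault(str(src), set()).add((str(dst), MAIL_PORTS[port]))
    return {host: sorted(servers) for host, servers in findings.items()}

if __name__ == "__main__":
    for host, servers in find_unsanctioned_mail_clients(SAMPLE_FLOWS).items():
        print(host, servers)
```

Port matching alone misses IMAP/POP3 on non-standard ports, which is why the first remediation step relies on NGFW application identification.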