@pjannesari I have answered this here Building an Effective Exception Rule for Attacker Technique - Inbox Forwarding Rule Created