diff --git a/clusters/o365-exchange-techniques.json b/clusters/o365-exchange-techniques.json
index 2f9816f..782dd9f 100644
--- a/clusters/o365-exchange-techniques.json
+++ b/clusters/o365-exchange-techniques.json
@@ -329,6 +329,46 @@
       },
       "uuid": "a69da576-7ed2-4b29-8c4a-6c16bd2c2a54",
       "value": "On-Prem Exchange - Delegation"
+    },
+    {
+      "description": "O365 - MailSniper: Search Mailbox for content",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "ae6eb93b-503f-49b5-98db-3f282551facb",
+      "value": "O365 - MailSniper: Search Mailbox for content"
+    },
+    {
+      "description": "O365 - Search for Content with eDiscovery",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "8ac66795-5e59-4993-973b-b6efd78fb1c8",
+      "value": "O365 - Search for Content with eDiscovery"
+    },
+    {
+      "description": "O365 - Exfiltration email using EWS APIs with PowerShell",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "4d67a417-169c-47d0-a7fa-d710b9e2f611",
+      "value": "O365 - Exfiltration email using EWS APIs with PowerShell"
+    },
+    {
+      "description": "O365 - Download documents and email",
+      "meta": {
+        "kill_chain": [
+          "tactics:Actions on Intent"
+        ]
+      },
+      "uuid": "1ccc00f8-d4b5-4c72-a7c0-a53127497a7c",
+      "value": "O365 - Download documents and email"
     }
   ],
   "version": 1