Azure Entra Sign-in Brute Force against Microsoft 365 Accounts
Oct 10, 2024
·
Domain: Cloud
Domain: SaaS
Data Source: Azure
Data Source: Entra ID
Data Source: Entra ID Sign-in
Use Case: Identity and Access Audit
Use Case: Threat Detection
Tactic: Credential Access
·
Azure Entra Sign-in Brute Force Microsoft 365 Accounts by Repeat Source
Oct 10, 2024
·
Domain: Cloud
Domain: SaaS
Data Source: Azure
Data Source: Entra ID
Data Source: Entra ID Sign-in
Use Case: Identity and Access Audit
Use Case: Threat Detection
Tactic: Credential Access
·
Entra ID Device Code Auth with Broker Client
Jul 1, 2024
·
Domain: Cloud
Data Source: Azure
Data Source: Microsoft Entra ID
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Azure Active Directory High Risk Sign-in
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Initial Access
·
Azure Active Directory High Risk User Sign-in Heuristic
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Initial Access
·
Azure Active Directory PowerShell Sign-in
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Initial Access
·
Azure AD Global Administrator Role Assigned
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Persistence
·
Azure Alert Suppression Rule Created or Modified
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Configuration Audit
Tactic: Defense Evasion
·
Azure Application Credential Modification
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Defense Evasion
·
Azure Automation Account Created
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Persistence
·
Azure Automation Runbook Created or Modified
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Configuration Audit
Tactic: Persistence
·
Azure Automation Runbook Deleted
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Configuration Audit
Tactic: Defense Evasion
·
Azure Automation Webhook Created
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Configuration Audit
Tactic: Persistence
·
Azure Blob Container Access Level Modification
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Asset Visibility
Tactic: Discovery
·
Azure Blob Permissions Modification
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Azure Command Execution on Virtual Machine
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Log Auditing
Tactic: Execution
·
Azure Conditional Access Policy Modified
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Configuration Audit
Tactic: Persistence
·
Azure Diagnostic Settings Deletion
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Tactic: Defense Evasion
·
Azure Event Hub Authorization Rule Created or Updated
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Log Auditing
Tactic: Collection
·
Azure Event Hub Deletion
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Log Auditing
Tactic: Defense Evasion
·
Azure External Guest User Invitation
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Initial Access
·
Azure Firewall Policy Deletion
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Azure Frontdoor Web Application Firewall (WAF) Policy Deleted
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Azure Full Network Packet Capture Detected
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Tactic: Credential Access
·
Azure Global Administrator Role Addition to PIM User
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Persistence
·
Azure Key Vault Modified
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Tactic: Credential Access
·
Azure Kubernetes Events Deleted
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Log Auditing
Tactic: Defense Evasion
·
Azure Kubernetes Pods Deleted
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Asset Visibility
Tactic: Impact
·
Azure Kubernetes Rolebindings Created
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
·
Azure Network Watcher Deletion
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Azure Privilege Identity Management Role Modified
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Persistence
·
Azure Resource Group Deletion
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Log Auditing
Tactic: Impact
·
Azure Service Principal Addition
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Defense Evasion
·
Azure Service Principal Credentials Added
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Impact
·
Azure Storage Account Key Regenerated
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Azure Virtual Network Device Modified or Deleted
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Network Security Monitoring
Tactic: Impact
·
Multi-Factor Authentication Disabled for an Azure User
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Persistence
·
Possible Consent Grant Attack via Azure-Registered Application
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Initial Access
·
User Added as Owner for Azure Application
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Configuration Audit
Tactic: Persistence
·
User Added as Owner for Azure Service Principal
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Configuration Audit
Tactic: Persistence