This query looks for a few sensitive subscription-level events based on Azure Activity Logs. For example, this monitors for the operation name 'Create or Update Snapshot', which is used for creating backups but could be misused by attackers to dump hashes or extract sensitive information from the disk.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Activity |
| ID | 23de46ea-c425-4a77-b456-511ae4855d69 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | CredentialAccess, Persistence |
| Techniques | T1003, T1098 |
| Required Connectors | AzureActivity |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| AzureActivity | ? | ✗ | ? |