Azure DevOps- Guest users access enabled

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

This hunting query identifies Azure DevOps activities where organization Guest Access policy is enabled by the admin

Attribute Value
Type Hunting Query
Solution AzureDevOpsAuditing
ID 2380670e-e168-4a99-9529-6c4d127b3ce6
Tactics Persistence, DefenseEvasion
Techniques T1098, T1562
Required Connectors AzureMonitor
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
ADOAuditLogs_CL ? ?
AzureDevOpsAuditing ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Hunting Queries · Back to AzureDevOpsAuditing