Azure DevOps - New PAT Operation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Using PATs for new operations may signal misuse. This query flags unfamiliar PAT-based operations, potentially indicating malicious use of a stolen PAT.

Attribute Value
Type Hunting Query
Solution AzureDevOpsAuditing
ID 5b6ab1d9-018b-46c6-993b-3198626fc54e
Tactics DefenseEvasion
Techniques T1078
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
ADOAuditLogs_CL ? ?
AzureDevOpsAuditing ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Hunting Queries · Back to AzureDevOpsAuditing