Azure DevOps - New Release Pipeline Created

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query identifies users who created new package feed to Azure DevOps pipelines, having no prior history of feed creation, suggesting possible unauthorized activity and requiring verification.

Attribute	Value
Type	Hunting Query
Solution	AzureDevOpsAuditing
ID	2dfa9c23-1590-4589-995a-d1486be66028
Tactics	Persistence, Execution, PrivilegeEscalation
Techniques	T1053
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
ADOAuditLogs_CL		✓	✓	✓
AzureDevOpsAuditing		✓	✗	?
SecurityAlert	ProviderName == "IPC"	✓	✗	✓

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries · Back to AzureDevOpsAuditing