Dataverse - Suspicious use of Web API

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies sign-in across multiple Dataverse environments, breaching a predefined threshold, originating from a user with IP address that was used to sign-into the well known Microsoft Entra app registration.

Attribute	Value
Type	Analytic Rule
Solution	Microsoft Business Applications
ID	8a6ecba2-ccfe-4c8c-b086-fa3e6ff7fa86
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Execution, Exfiltration, Reconnaissance, Discovery
Techniques	T1106, T1567, T1595, T1526, T1580
Required Connectors	Dataverse, AzureActiveDirectory
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
DataverseActivity	✓	✗	?
SigninLogs	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Microsoft Business Applications