Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Detects when file uploads are disabled in Copilot. Attackers often disable logging or file upload capabilities to avoid evidence collection and cover their tracks. This rule identifies potential data exfiltration cover-up scenarios where security controls are being disabled.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Microsoft Copilot |
| ID | c3d4e5f6-a7b8-49c0-d1e2-f3a4b5c6d7e8 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | DefenseEvasion |
| Techniques | T1562.001 |
| Required Connectors | MicrosoftCopilot |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
CopilotActivity |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊