Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'This will alert when a user consents to provide a previously-unknown Azure application with offline access via OAuth. Offline access will provide the Azure App with access to the listed resources without requiring two-factor authentication. Consent to applications with offline access and read capabilities should be rare, especially as the knownApplications list is expanded. Public contributions to expand this filter are welcome! For further information on AuditLogs please see https://docs.micro
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Microsoft Entra ID |
| ID | 3533f74c-9207-4047-96e2-0eb9383be587 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | CredentialAccess |
| Techniques | T1528 |
| Required Connectors | AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AuditLogs |
OperationName in "Add OAuth2PermissionGrant,Add delegated permission grant,Add service principal,Consent to application" |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊