Changes to Application Logout URL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Detects changes to an applications sign out URL. Look for any modifications to a sign out URL. Blank entries or entries to non-existent locations would stop a user from terminating a session. Ref: https://docs.microsoft.com/azure/active-directory/fundamentals/security-operations-applications#logout-url-modified-or-removed

Attribute	Value
Type	Analytic Rule
Solution	Standalone Content
ID	492fbe35-cbac-4a8c-9059-826782e6915a
Severity	Low
Kind	Scheduled
Tactics	Persistence, PrivilegeEscalation
Techniques	T1078.004
Required Connectors	AzureActiveDirectory
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AuditLogs	OperationName has_any "Update Application,Update Service principal"	✓	✗	?

Associated Connectors

The following connectors provide data for this content item:

Connector	Solution
AzureActiveDirectory	Microsoft Entra ID

Solutions: Microsoft Entra ID

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules