Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Privileged Identity Management (PIM) generates alerts when there is suspicious or unsafe activity in Microsoft Entra ID (Azure AD) organization. This query will help detect attackers attempts to disable in product PIM alerts which are associated with Azure MFA requirements and could indicate activation of privileged access
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 1f3b4dfd-21ff-4ed3-8e27-afc219e05c50 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Persistence, PrivilegeEscalation |
| Techniques | T1098, T1078 |
| Required Connectors | AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AuditLogs |
✓ | ✗ | ? |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| AzureActiveDirectory | Microsoft Entra ID |
Solutions: Microsoft Entra ID
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊