Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Shows the most prevalent users who perform write operations on Azure Machine Learning resources. List the common source IP address for each of those accounts. If an operation is not from those IP addresses, it may be worthy of investigation.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Activity |
| ID | 68c89998-8052-4c80-a1f6-9d81060b6d57 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | InitialAccess, Execution, Impact |
| Techniques | T1078, T1059, T1496 |
| Required Connectors | AzureActivity |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AzureActivity |
OperationNameValue !contains "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE"OperationNameValue contains "write"ResourceProviderValue == "MICROSOFT.MACHINELEARNINGSERVICES" |
✗ | ✗ | ✗ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊