Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Azure's storage key listing can expose secrets, PII, and grant VM access. Monitoring for anomalous accounts or IPs is crucial. The query generates IP clusters, correlates activities, and flags unexpected ones. Single-operation users are excluded.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Azure Activity |
| ID | 5d2399f9-ea5c-4e67-9435-1fba745f3a39 |
| Tactics | Discovery |
| Techniques | T1087 |
| Required Connectors | AzureActivity |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AzureActivity |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊