Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Indicates when an anomalous number of VM creations or deployment activities occur in Azure via the AzureActivity log. This query generates the baseline pattern of cloud resource creation by an individual and generates an anomaly when any unusual spike is detected. These anomalies from unusual or privileged users could be an indication of a cloud infrastructure takedown by an adversary.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Activity |
| ID | 361dd1e3-1c11-491e-82a3-bb2e44ac36ba |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact |
| Techniques | T1496 |
| Required Connectors | AzureActivity |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AzureActivity |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊