Sensitive Azure Key Vault operations


Identifies when sensitive Azure Key Vault operations are used. These include: VaultDelete, KeyDelete, SecretDelete, SecretPurge, KeyPurge, SecretBackup, KeyBackup. Any backup operations should match expected scheduled backup activity.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Key Vault |
| ID | d6491be0-ab2d-439d-95d6-ad8ea39277c5 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact |
| Techniques | T1485 |
| Required Connectors | AzureKeyVault |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
AzureDiagnostics 🔶 ResourceType == "VAULTS" ? ?
