Azure DevOps New Extension Added

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Extensions add additional features to Azure DevOps. An attacker could use a malicious extension to conduct malicious activity. This query looks for new extensions that are not from a configurable list of approved publishers.

Attribute	Value
Type	Analytic Rule
Solution	AzureDevOpsAuditing
ID	bf07ca9c-e408-443a-8939-6860a45a929e
Severity	Low
Status	Available
Kind	Scheduled
Tactics	Persistence
Techniques	T1505
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
ADOAuditLogs_CL	?	✓	?
AzureDevOpsAuditing	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to AzureDevOpsAuditing