Azure DevOps - New Release Pipeline Created

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query identifies users who created new package feed to Azure DevOps pipelines, having no prior history of feed creation, suggesting possible unauthorized activity and requiring verification.

Attribute	Value
Type	Hunting Query
Solution	AzureDevOpsAuditing
ID	2dfa9c23-1590-4589-995a-d1486be66028
Tactics	Persistence, Execution, PrivilegeEscalation
Techniques	T1053
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
ADOAuditLogs_CL	?	✓	?
AzureDevOpsAuditing	✓	✗	?
SecurityAlert	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to AzureDevOpsAuditing