Detects mass file deletion events within Azure File and Blob storage. `deleteWindow` controls the period of time in which the deletions must occur, while `deleteThreshold` controls how many files must be deleted within that window. The query works on a per-IP-address basis, so it will only detect a single IP address deleting multiple files.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 85e16874-72aa-4ebe-b36e-e45f8ba50f79 |
| Tactics | Impact |
| Techniques | T1485 |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/AzureStorage/AzureStorageMassDeletion.yaml) |