Entra ID group adds in the last 7 days

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query looks for Entra ID group adds identified by Microsoft Defender for Cloud Apps. It will require an corresponding app connector in Microsoft Defender for Cloud Apps.

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	f5e4d3c2-b1a0-4f9d-8e7c-6b5a4d3e2c1f
Tactics	Privilege Escalation
Techniques	T1548
Required Connectors	MicrosoftThreatProtection
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Cloud%20Apps/aad-group-adds.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries