Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
'This hunting query will help detect successful sign-ins from devices that are marked non-compliant along with bulk download activity. Attackers may attempt to get a list of accounts, groups, registration details within an environment which could help in follow-on behavior. Best practice is to block sign ins from non-complaint devices, however if allowed monitor these events to ensure they do not lead to other risky activity. Reference: https://docs.microsoft.com/azure/active-directory/fundame
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | a5bb38e3-5ee2-47fe-a65d-c3c9341112ef |
| Tactics | InitialAccess, Discovery |
| Techniques | T1078, T1087 |
| Required Connectors | AzureActiveDirectory |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/NonCompliantSigninwithBulkDownload.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊