Unfamiliar Signin Correlation with AzurePortal Signin Attempts and AuditLogs

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

This query looks for unfamiliar Sign-in's thats not seen recently for the given user with azure portal login attempts and audit logs to help detect and reduce the analysis timeline for defenders

Attribute Value
Type Hunting Query
Solution GitHub Only
ID 6962473c-bcb8-421d-a0db-826078cad280
Tactics InitialAccess, Impact
Techniques T1190, T1078
Required Connectors AzureActiveDirectory, AzureActiveDirectory, AzureSecurityCenter, AzureActiveDirectory
Source [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/UnfamiliarsignincorrelationwithPortalSigninandAuditlogs.yaml)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Hunting Queries