New Admin account activity seen which was not seen historically



This hunting query helps you discover new admin account activity that was not seen historically. Any new accounts seen in the results can be validated and investigated for suspicious activity.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft 365 |
| ID | 723c5f46-133f-4f1e-ada6-5c138f811d75 |
| Severity | Medium |
| Tactics | PrivilegeEscalation, Collection |
| Techniques | T1078, T1114 |
| Required Connectors | Office365 |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
OfficeActivity RecordType == "ExchangeAdmin" ?
