This query helps you discover new admin account activity that has not been seen historically. Any new accounts in the results can be validated and investigated for suspicious activity.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft 365 |
| ID | 723c5f46-133f-4f1e-ada6-5c138f811d75 |
| Severity | Medium |
| Tactics | PrivilegeEscalation, Collection |
| Techniques | T1078, T1114 |
| Required Connectors | Office365 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| OfficeActivity | RecordType == "ExchangeAdmin"; UserType in "Admin,DcAdmin" | ✓ | ✗ | ✓ |