Detects when file uploads are disabled in Copilot. Attackers often disable logging or file upload capabilities to avoid evidence collection and cover their tracks. This rule identifies potential data exfiltration cover-up scenarios where security controls are being disabled.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Microsoft Copilot |
| ID | c3d4e5f6-a7b8-49c0-d1e2-f3a4b5c6d7e8 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | DefenseEvasion |
| Techniques | T1562.001 |
| Required Connectors | MicrosoftCopilot |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| CopilotActivity | | ✓ | ✗ | ✓ |