This query searches the last 14 days for "Consent to application" operations performed by a user or app, which could indicate unauthorized access. Additional context is added from AuditLogs based on the CorrelationId from the same account that performed the action.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | b09d6e57-c48b-491d-9c2b-ab73018e6534 |
| Tactics | Persistence |
| Techniques | T1136 |
| Required Connectors | AzureActiveDirectory |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AuditLogs/ConsentToApplicationDiscovery.yaml) |