Identifies federated identity credential additions to Entra ID service principals. Workload identity federation allows external OIDC workloads to authenticate as the service principal (SP) without secrets; if abused, this enables supply chain or CI/CD pipeline compromise.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | 2a7c50a9-5172-4ea3-8a59-b89e8117fc2c |
| Tactics | Persistence |
| Techniques | T1098.001 |
| Required Connectors | AzureActiveDirectory |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AuditLogs/ServicePrincipalFederatedIdentityCredentialAdded.yaml) |