Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Identifies OAuth application consent events where high-risk permissions such as Directory.ReadWrite.All or RoleManagement.ReadWrite.Directory were granted to apps with no prior tenant consent history in the preceding 90 days.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | 2a166359-a104-4d72-93ae-643ae69bf801 |
| Tactics | Persistence, CredentialAccess |
| Techniques | T1528 |
| Required Connectors | AzureActiveDirectory |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/OAuthConsentToHighRiskPermissionScope.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊