Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query will detect if user properties of Global Administrator are updated by an existing user. Usually only user administrator or other global administrator can update such properties. Investigate if such user change is an attempt to elevate an existing low privileged identity or rogue administrator activity
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 48602a24-67cf-4362-b258-3f4249e55def |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | PrivilegeEscalation |
| Techniques | T1078.004 |
| Required Connectors | AzureActiveDirectory, BehaviorAnalytics |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊