User Granted Access and associated audit activity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies when a new user is granted access and any subsequent audit related activity. This can help you identify rogue or malicious user behavior.

Attribute	Value
Type	Hunting Query
Solution	Standalone Content
ID	0da142a4-b3ad-4bb6-b01d-03b572743fe9
Tactics	Persistence, PrivilegeEscalation, Impact
Techniques	T1098, T1078, T1496
Required Connectors	AzureActiveDirectory
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
AuditLogs	✓	✗	?

Associated Connectors

The following connectors provide data for this content item:

Connector	Solution
AzureActiveDirectory	Microsoft Entra ID

Solutions: Microsoft Entra ID

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries