User Granted Access and associated audit activity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Identifies when a new user is granted access and any subsequent audit related activity. This can help you identify rogue or malicious user behavior.

Attribute	Value
Type	Hunting Query
Solution	Standalone Content
ID	0da142a4-b3ad-4bb6-b01d-03b572743fe9
Tactics	Persistence, PrivilegeEscalation, Impact
Techniques	T1098, T1078, T1496
Required Connectors	AzureActiveDirectory
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/AuditLogs/UserGrantedAccess_AllAuditActivity.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries