Users searching for VIP user activity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query monitors for users running Log Analytics queries that contain filters for specific, defined VIP user accounts or the VIPUser watchlist template. Use this detection to alert for users specifically searching for activity of sensitive users.

Attribute	Value
Type	Analytic Rule
Solution	Standalone Content
ID	f7f4a77e-f68f-4b56-9aaf-a0c9d87d7a8e
Severity	Low
Kind	Scheduled
Tactics	Collection, Exfiltration
Techniques	T1530, T1213, T1020
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules