⚠️ eDCRule

⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.



| Attribute | Value |
| --- | --- |
| Publisher | eDC ICE223 |
| Support Tier | Partner |
| Support Link | https://www.aceredc.com/zh/contact/ |
| Categories | Security - Threat Protection |
| Version | 3.0.0 |
| Author | eDC ICE223 - ice223@acercsi.com |
| First Published | 2026-05-18 |
| Solution Folder | eDCRule |

The eDCRule solution for Microsoft Sentinel installs custom analytic rule templates.

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Tables Used

This solution queries 4 table(s) from its content items:

| Table | Used By Content |
| --- | --- |
| AADNonInteractiveUserSignInLogs | Analytics |
| AuditLogs | Analytics |
| AzureActivity | Analytics |
| SigninLogs | Analytics |

Internal Tables

The following 2 table(s) are used internally by this solution's content items:

| Table | Used By Content |
| --- | --- |
| BehaviorAnalytics | Analytics |
| IdentityInfo | Analytics |

Content Items

This solution includes 10 content item(s):

| Content Type | Count |
| --- | --- |
| Analytic Rules | 10 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
| --- | --- | --- | --- |
| [AzureSubscription] Suspicious Azure VM Run Command Execution Detected | High | LateralMovement, CredentialAccess | AzureActivity (internal use: BehaviorAnalytics) |
| [Entra ID] Application Assigned Administrator Permissions Immediately After Obtaining Role Management Permissions | High | Persistence, PrivilegeEscalation, DefenseEvasion, InitialAccess | AuditLogs |
| [Entra ID] Application Granted Administrative Permission to Assign Microsoft Entra ID Roles | High | Persistence, Impact, PrivilegeEscalation | AuditLogs |
| [Entra ID] Authentication Method Changed for Privileged Account | High | Persistence | AuditLogs (internal use: IdentityInfo) |
| [Entra ID] Domain Federation Trust Settings Modified | High | CredentialAccess, Persistence | AuditLogs |
| [Entra ID] Mass Privileged Role Change Activity Detected | High | PrivilegeEscalation | AuditLogs |
| [Entra ID] Privilege Elevation Request Denied | High | Persistence, PrivilegeEscalation, DefenseEvasion, InitialAccess | AuditLogs |
| [Entra ID] Privileged Role Assigned to User | High | Persistence, DefenseEvasion, PrivilegeEscalation, InitialAccess | AuditLogs |
| [Entra ID] Privileged Role Assigned to a New User | High | Persistence, PrivilegeEscalation, DefenseEvasion, InitialAccess | AuditLogs |
| [Entra ID] Suspicious Continuous OAuth Token Usage | High | CredentialAccess | AADNonInteractiveUserSignInLogs, SigninLogs |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
| --- | --- | --- |
| 3.0.0 | 17-06-2026 | Initial Solution Release. |
