Azure Subscription Permission Elevation Via ActivityLogs (09438caa-07b1-4870-8405-1dbafe3dad95)

Detects when a user has been elevated to manage all Azure Subscriptions. This change should be investigated immediately if it isn't planned. This setting could allow an attacker access to Azure subscriptions in your environment.

Rows: 2
Loading extensions...
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.2
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern Sigma-Rules		Clear Attack Pattern	Clear 1 2
Azure Subscription Permission Elevation Via ActivityLogs (09438caa-07b1-4870-8405-1dbafe3dad95)	Sigma-Rules	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	2

Azure Subscription Permission Elevation Via ActivityLogs (09438caa-07b1-4870-8405-1dbafe3dad95)

TableFilter v0.7.2