Activity from Suspicious IP Addresses (a3501e8e-af9e-43c6-8cd6-9360bdaae498)
Detects when a Microsoft Cloud App Security reported users were active from an IP address identified as risky by Microsoft Threat Intelligence. These IP addresses are involved in malicious activities, such as Botnet C&C, and may indicate compromised account.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | Activity from Suspicious IP Addresses (a3501e8e-af9e-43c6-8cd6-9360bdaae498) | Sigma-Rules | 1 |