Hide Navigation Hide TOC

Rare Subscription-level Operations In Azure (c1182e02-49a3-481c-b3de-0fadc4091488)

Identifies IPs from which users grant access to other users on azure resources and alerts when a previously unseen source IP address is used.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Rare Subscription-level Operations In Azure (c1182e02-49a3-481c-b3de-0fadc4091488)	Sigma-Rules	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	1