Skip to content

<<< Hide Navigation Hide TOC >>>

Azure Subscription Permission Elevation Via AuditLogs (ca9bf243-465e-494a-9e54-bf9fc239057d)

Detects when a user has been elevated to manage all Azure Subscriptions. This change should be investigated immediately if it isn't planned. This setting could allow an attacker access to Azure subscriptions in your environment.

Galaxy ColorsAttack Pat...Sigma-Rule...
Rows: 1
Loading extensions...
Collapse filters
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Cluster A Galaxy A Cluster B Galaxy B Level
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Azure Subscription Permission Elevation Via AuditLogs (ca9bf243-465e-494a-9e54-bf9fc239057d) Sigma-Rules 1