Azure Subscription Permission Elevation Via AuditLogs (ca9bf243-465e-494a-9e54-bf9fc239057d)
Detects when a user has been elevated to manage all Azure Subscriptions. This change should be investigated immediately if it isn't planned. This setting could allow an attacker access to Azure subscriptions in your environment.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Azure Subscription Permission Elevation Via AuditLogs (ca9bf243-465e-494a-9e54-bf9fc239057d) | Sigma-Rules | Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | 1 |