2021-09-12 20:00:08 -05:00
|
|
|
title: Azure New CloudShell Created
|
|
|
|
|
id: 72af37e2-ec32-47dc-992b-bc288a2708cb
|
2022-08-23 14:20:26 -05:00
|
|
|
status: experimental
|
2021-09-12 20:00:08 -05:00
|
|
|
description: Identifies when a new cloudshell is created inside of Azure portal.
|
2022-08-23 14:20:26 -05:00
|
|
|
references:
|
2022-10-25 07:34:10 +02:00
|
|
|
- https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
|
2021-09-12 20:00:08 -05:00
|
|
|
author: Austin Songer
|
|
|
|
|
date: 2021/09/21
|
2022-08-23 14:32:10 -05:00
|
|
|
modified: 2022/08/23
|
2022-10-25 07:34:10 +02:00
|
|
|
tags:
|
|
|
|
|
- attack.execution
|
|
|
|
|
- attack.t1059
|
2021-09-12 20:00:08 -05:00
|
|
|
logsource:
|
2022-10-25 07:34:10 +02:00
|
|
|
product: azure
|
|
|
|
|
service: activitylogs
|
2021-09-12 20:00:08 -05:00
|
|
|
detection:
|
2022-10-25 07:34:10 +02:00
|
|
|
selection:
|
|
|
|
|
operationName: MICROSOFT.PORTAL/CONSOLES/WRITE
|
|
|
|
|
condition: selection
|
2021-09-12 20:00:08 -05:00
|
|
|
falsepositives:
|
2022-10-25 07:34:10 +02:00
|
|
|
- A new cloudshell may be created by a system administrator.
|
2022-08-23 14:20:26 -05:00
|
|
|
level: medium
|
