From 57a23e0b41e2a4146fff334a7bb74ebcd9ef5a5f Mon Sep 17 00:00:00 2001 From: TheLawsOfChaos Date: Mon, 9 Jan 2023 15:32:02 -0500 Subject: [PATCH] Update azure_device_or_configuration_modified_or_deleted.yml Added technique and sub-tech, along with references. --- .../azure_device_or_configuration_modified_or_deleted.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rules/cloud/azure/azure_device_or_configuration_modified_or_deleted.yml b/rules/cloud/azure/azure_device_or_configuration_modified_or_deleted.yml index 65c7974a3..ef44ce775 100644 --- a/rules/cloud/azure/azure_device_or_configuration_modified_or_deleted.yml +++ b/rules/cloud/azure/azure_device_or_configuration_modified_or_deleted.yml @@ -4,11 +4,15 @@ status: test description: Identifies when a device or device configuration in azure is modified or deleted. references: - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-audit-activities#core-directory + - https://attack.mitre.org/techniques/T1485 + - https://attack.mitre.org/techniques/T1565/001 author: Austin Songer @austinsonger date: 2021/09/03 modified: 2022/10/09 tags: - attack.impact + - attack.1485 + - attack.t1565.001 logsource: product: azure service: activitylogs
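Review bot: In the `tags:` block, the added `- attack.1485` is missing the `t` prefix that the next added line (`- attack.t1565.001`) uses. It should read `- attack.t1485` so the tag matches the T1485 reference added above and follows the same technique-tag form as its neighbour. Separately, the `modified: 2022/10/09` context line is left untouched although this commit is dated 9 Jan 2023; consider updating it in the same change so the rule metadata reflects the edit.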