From 8b41e6bfdf80e29005ce5a6065caac3ff0b0cc64 Mon Sep 17 00:00:00 2001
From: peterydzynski <25185548+peterydzynski@users.noreply.github.com>
Date: Fri, 17 Oct 2025 06:14:11 -0400
Subject: [PATCH] Merge PR #5542 from @peterydzynski - remove Azure Application Credential Modified

remove: Azure Application Credential Modified - superseeded by cbb67ecc-fb70-4467-9350-c910bdf7c628

---------

Co-authored-by: nasbench
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
---
 .../cloud}/azure_app_credential_modification.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename {rules/cloud/azure/activity_logs => deprecated/cloud}/azure_app_credential_modification.yml (86%)

diff --git a/rules/cloud/azure/activity_logs/azure_app_credential_modification.yml b/deprecated/cloud/azure_app_credential_modification.yml
similarity index 86%
rename from rules/cloud/azure/activity_logs/azure_app_credential_modification.yml
rename to deprecated/cloud/azure_app_credential_modification.yml
index e38f45ef8..178873087 100644
--- a/rules/cloud/azure/activity_logs/azure_app_credential_modification.yml
+++ b/deprecated/cloud/azure_app_credential_modification.yml
@@ -1,12 +1,12 @@
 title: Azure Application Credential Modified
 id: cdeef967-f9a1-4375-90ee-6978c5f23974
-status: test
+status: deprecated
 description: Identifies when a application credential is modified.
 references:
 - https://www.cloud-architekt.net/auditing-of-msi-and-service-principals/
 author: Austin Songer @austinsonger
 date: 2021-09-02
-modified: 2022-10-09
+modified: 2025-10-17
 tags:
 - attack.impact
 logsource:
@@ -14,7 +14,7 @@ logsource:
 service: activitylogs
 detection:
 selection:
- properties.message: 'Update application - Certificates and secrets management'
+ properties.message: 'Update application – Certificates and secrets management'
 condition: selection
 falsepositives:
 - Application credential added may be performed by a system administrator.
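Review bot: In the second hunk the `properties.message` string now differs from the old one only by an en dash (U+2013) where the ASCII hyphen was, which changes what this exact-match selection fires on, and the commit message does not mention it. The two characters are nearly indistinguishable in review, so a comment above the line such as `# en dash (U+2013) is intentional, not an ASCII hyphen` would stop it being "corrected" back later. Which dash the activity log actually carries is not visible from this diff; if either can appear depending on the ingestion pipeline, listing both spellings as values under `properties.message` would avoid a silent miss. Because the rule is being moved to `deprecated/`, it may be cleaner to leave the detection untouched and make sure the superseding rule carries the right string.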