security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
Austin Songer
2021-08-23 22:09:27 +00:00
parent 595bd3b80f
commit da69b2f531
1 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/cloud/m365/microsoft365_suspicious_oauth_app_file_download_activities.yml
+5 -6
View File
@@ -1,14 +1,14 @@
title: Microsoft 365 - Suspicious OAuth app file download activities
id: ee111937-1fe7-40f0-962a-0eb44d57d174
status: experimental
description: Detects when a Microsoft Cloud App Security reported
description: Detects when a Microsoft Cloud App Security reported when an app downloads multiple files from Microsoft SharePoint or Microsoft OneDrive in a manner that is unusual for the user.
author: Austin Songer @austinsonger
date: 2021/08/22
date: 2021/08/23
references:
- https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
- https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference
logsource:
category:
category: ThreatManagement
service: m365
detection:
selection:
@@ -17,8 +17,7 @@ detection:
status: success
condition: selection
falsepositives:
-
- Unknown
level: medium
tags:
- attack.initial_access
-
- attack.exfiltration