blue-team-tools/rules/cloud/azure/azure_ad_bitlocker_key_retrieval.yml
Mark Morowczynski 29ca26b32c Updating MITRE Tactics & Techniques
Updating MITRE Tactics & Techniques to align with existing classifications
2023-01-28 13:26:15 -08:00

23 lines
626 B
YAML

title: Bitlocker Key Retrieval
id: a0413867-daf3-43dd-9245-734b3a787942
status: experimental
description: Monitor and alert for Bitlocker key retrieval.
references:
    - https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-devices#bitlocker-key-retrieval
author: Michael Epping, '@mepples21'
date: 2022/06/28
tags:
    - attack.defense_evasion
    - attack.t1078.004
logsource:
    product: azure
    service: auditlogs
detection:
    selection:
        Category: KeyManagement
        OperationName: Read BitLocker key
    condition: selection
falsepositives:
    - Unknown
level: medium