blue-team-tools/rules/cloud/azure/azure_ad_device_registration_policy_changes.yml
2022-10-25 07:34:10 +02:00


title: Changes to Device Registration Policy
id: 9494bff8-959f-4440-bbce-fb87a208d517
status: experimental
description: Monitor and alert for changes to the device registration policy.
references:
- https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-devices#device-registrations-and-joins-outside-policy
author: Michael Epping, '@mepples21'
date: 2022/06/28
tags:
- attack.defense_evasion
- attack.privilege_escalation
- attack.t1484
logsource:
    product: azure
    service: auditlogs
detection:
    selection:
        Category: 'Policy'
        ActivityDisplayName: 'Set device registration policies'
    condition: selection
falsepositives:
- Unknown
level: high