security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
blue-team-tools/rules/cloud/azure/azure_priviledged_role_assignment_add.yml
T
Mark Morowczynski 29ca26b32c Updating MITRE Tactics & Techniques 
Updating MITRE Tactics & Techniques to align with existing classifications
2023-01-28 13:26:15 -08:00

25 lines
826 B
YAML
Raw Blame History

title: User Added To Privilege Role
id: 49a268a4-72f4-4e38-8a7b-885be690c5b5
status: experimental
description: Detects when a user is added to a privileged role.
references:
- https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-privileged-identity-management#azure-ad-roles-assignment
author: Mark Morowczynski '@markmorow', Yochana Henderson, '@Yochana-H'
date: 2022/08/06
tags:
- attack.privilege_escalation
- attack.defense_evasion
- attack.t1078.004
logsource:
product: azure
service: auditlogs
detection:
selection:
properties.message:
- Add eligible member (permanent)
- Add eligible member (eligible)
condition: selection
falsepositives:
- Legtimate administrator actions of adding members from a role
level: high
Reference in New Issue View Git Blame Copy Permalink