security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fefb8564717d69af72ededb4172bc7ec00aac734
blue-team-tools/rules/cloud/azure/azure_granting_permission_detection.yml
T
frack113 050fb2b77d fix more errors
2021-08-15 19:17:56 +02:00

20 lines
644 B
YAML
Raw Blame History

title: Granting Of Permissions To An Account
id: a622fcd2-4b5a-436a-b8a2-a4171161833c
status: experimental
author: sawwinnnaung
date: 2020/05/07
description: Identifies IPs from which users grant access to other users on azure resources and alerts when a previously unseen source IP address is used.
references:
- https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
logsource:
service: AzureActivity
detection:
keywords:
- Microsoft.Authorization/roleAssignments/write
condition: keywords
level: medium
falsepositives:
- Valid change
tags:
- attack.t1098
Reference in New Issue View Git Blame Copy Permalink