[New Rule] Suspicious ADRS Token Request by Microsoft Auth Broker (#4801)

* new rule Suspicious ADRS Token Request by Microsoft Auth Broker * bumping patch version * updating patch version
2025-06-18 14:41:04 -04:00
parent 0c68fcb7d9
commit 0aefedd6f1
3 changed files with 101 additions and 1 deletions
@@ -180,6 +180,7 @@
    "azure.signinlogs.properties.original_transfer_method": "keyword",
    "azure.auditlogs.properties.target_resources.0.display_name": "keyword",
    "azure.signinlogs.properties.authentication_details.authentication_method": "keyword",
+    "azure.signinlogs.properties.authentication_processing_details": "keyword",
    "azure.signinlogs.properties.token_protection_status_details.sign_in_session_status": "keyword"
  },
  "logs-azure.activitylogs-*": {