Rules Contributing to Microsoft Entra Federation Modified Alert
The following rules are used to identify suspicious Microsoft Entra federation modified activity. Any one or more of these will trigger the Microsoft Entra Federation Modified Alert. Details for each rule can be viewed by clicking the More Details link in the description.
Title |
Description |
||||||||
---|---|---|---|---|---|---|---|---|---|
Azure Domain Federation Settings Modified |
Identifies when a user or application modified the federation settings on the domain. More details
Rule IDQuery{'selection': {'ActivityDisplayName': 'Set federation settings on domain'}, 'condition': 'selection'} Log SourceStellar Cyber Microsoft Entra Events configured. Rule SourceSigmaHQ,352a54e1-74ba-4929-9d47-8193d67aba1e Author: Austin Songer Tactics, Techniques, and ProceduresReferencesSeverity50 Suppression Logic Based On
Additional Information
|