Rules Contributing to Microsoft Entra ID Discovery using Azurehound Alert
The following rules are used to identify Microsoft Entra ID discovery using Azurehound. Any one or more of these will trigger the Microsoft Entra ID Discovery using Azurehound Alert. Details for each rule can be viewed by clicking the More Details link in the description.
| Title | Description |
|---|---|
| Discovery Using AzureHound | Detects AzureHound (A BloodHound data collector for Microsoft Azure) activity via the default User-Agent that is used during its operation after successful authentication. |

More details:

- Rule ID:
- Query: `{'selection': {'userAgent|contains': 'azurehound', 'login_result': 'success'}, 'condition': 'selection'}`
- Log Source: Stellar Cyber Microsoft Entra Events configured.
- Rule Source: SigmaHQ, 35b781cc-1a08-4a5a-80af-42fd7c315c6b. Author: Janantha Marasinghe
- Tactics, Techniques, and Procedures:
- References:
- Severity: 75
- Suppression Logic Based On:
- Additional Information:
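The rule's selection can be exercised offline against sample data. The following is an added example, not Stellar Cyber's or SigmaHQ's code: a minimal Python evaluator for the query above, run over constructed sign-in events. The `user` and `src_ip` fields and all sample values are assumptions, and string matching is assumed to be case-insensitive, as is Sigma's default.

```python
# Added example: evaluate the rule's selection over constructed sign-in events.
RULE = {
    "selection": {"userAgent|contains": "azurehound", "login_result": "success"},
    "condition": "selection",
}


def field_matches(event, key, expected):
    """Apply one field test; comparison is case-insensitive (Sigma's default)."""
    name, _, modifier = key.partition("|")
    actual = event.get(name)
    if not isinstance(actual, str):
        return False  # a missing or non-string field never matches
    actual, expected = actual.lower(), expected.lower()
    if modifier == "contains":
        return expected in actual
    if modifier == "":
        return actual == expected
    raise ValueError(f"unsupported modifier: {modifier}")


def rule_matches(event, rule=RULE):
    """Every field test in the selection must hold (logical AND)."""
    if rule["condition"] != "selection":
        raise ValueError("only a single-selection condition is handled")
    return all(field_matches(event, k, v) for k, v in rule["selection"].items())


def alerts(events, rule=RULE):
    """Return the events that would raise the alert."""
    return [e for e in events if rule_matches(e, rule)]


# Constructed events; 'user', 'src_ip' and every value below are made up.
EVENTS = [
    {"user": "alice@example.com", "src_ip": "203.0.113.10",
     "userAgent": "azurehound/v2.0.4", "login_result": "success"},
    {"user": "bob@example.com", "src_ip": "203.0.113.11",
     "userAgent": "AzureHound/v2.0.4", "login_result": "success"},
    {"user": "carol@example.com", "src_ip": "203.0.113.12",
     "userAgent": "azurehound/v2.0.4", "login_result": "failure"},
    {"user": "dave@example.com", "src_ip": "198.51.100.7",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "login_result": "success"},
    {"user": "erin@example.com", "src_ip": "198.51.100.8", "login_result": "success"},
]

if __name__ == "__main__":
    for e in alerts(EVENTS):
        print(f"ALERT severity=75 user={e['user']} src_ip={e['src_ip']} ua={e['userAgent']}")
```

Only the first two events raise the alert: the failed sign-in, the browser User-Agent and the event with no `userAgent` field each fail one of the two conditions.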