Product
medium
advisory
Kubernetes Secret or ConfigMap Access via Azure Arc Proxy
2 rules 2 TTPsDetection of unauthorized access to Kubernetes secrets or configmaps via the Azure Arc AAD proxy service account, indicating potential abuse of stolen service principal credentials to read, exfiltrate, or modify sensitive data.
Azure Arc +2
kubernetes
azure-arc
credential-access
collection
2r
2t
medium
advisory
Unusual Source IP for Azure Arc Cluster Credential Access
2 rules 2 TTPsDetects when a service principal or user performs an Azure Arc cluster credential listing operation from a source IP not previously associated with that identity, potentially indicating compromised credentials.
Azure Arc +1
azure
azure-arc
credential-access
2r
2t