Tag
medium
advisory
Account Configured with Never-Expiring Password
2 rules 1 TTPDetects the creation and modification of an account with the 'Don't Expire Password' option enabled, which attackers can abuse to persist in the domain and maintain long-term access.
Active Directory
persistence
windows
account-manipulation
2r
1t
high
advisory
Azure AD Account Created and Deleted Within a Close Time Frame
2 rules 3 TTPsDetection of Azure Active Directory accounts that are created and deleted within a short timeframe, potentially indicating malicious activity such as privilege escalation or persistence attempts.
Azure Active Directory
privilege-escalation
persistence
initial-access
stealth
account-manipulation
2r
3t