Tag
medium
advisory
Google Workspace User Sign-in from Atypical Device Type
2 rules, 2 TTPs
This rule detects when a Google Workspace user authenticates from a device type that hasn't been observed for that user in the past 14 days, potentially indicating account compromise via AiTM kits or stolen OAuth refresh tokens.
Google Workspace
google_workspace
persistence
account_compromise
device_registration
high
advisory
Azure AD Sign-In with Unfamiliar Properties
2 rules, 4 TTPs
This alert detects Azure AD sign-ins with properties unfamiliar to the user, indicating potential account compromise or unauthorized access.
Azure Active Directory
azure
identity_protection
sign-in
account_compromise
risk_detection