Tag
low
advisory
Unusual City for Azure Activity Logs Event
2 rules 3 TTPsA machine learning job detected Azure Activity Logs activity that, while not inherently suspicious or abnormal, is sourcing from a geolocation (city) that is unusual for the event action, indicating potential compromised credentials.
azure
cloud
anomaly-detection
2r
3t
low
advisory
Unusual Host Name for Windows Privileged Operations Detected via ML
2 rules 2 TTPsA machine learning job has identified a user performing privileged operations in Windows from an uncommon device, indicating potential privileged access activity associated with compromised accounts or insider threats.
privileged-access-detection
anomaly-detection
windows
2r
2t