Tag
high
advisory
Detect Application AppID URI Configuration Changes in Azure
2 rules, 2 TTPs
Detection of configuration changes to an application's AppID URI in Azure, potentially indicating malicious activity related to initial access, persistence, credential access, privilege escalation, or stealth.
Azure Active Directory
azure
appid
uri
application
serviceprincipal
credential-access
privilege-escalation
medium
advisory
Detection of Azure Application Deletion
2 rules, 1 TTP
This alert identifies when an application is deleted within an Azure environment, which could indicate malicious activity or unintended misconfiguration leading to service disruption.
Azure
application
deletion
impact
t1489
high
advisory
Azure Application URI Configuration Modification
3 rules, 4 TTPs
Detection of Azure application URI modifications that can be indicative of malicious activity, such as using dangling URIs, non-HTTPS URIs, wildcard domains, or URIs pointing to uncontrolled domains, potentially leading to initial access, stealth, persistence, credential access, and privilege escalation.
Azure Active Directory
cloud
azure
application
uri
modification
persistence
credential-access
privilege-escalation