Tag
high
advisory
Azure AD Account Concurrent Sessions from Different IPs
2 rules 1 TTPDetection of Azure AD accounts with concurrent sessions originating from multiple unique IP addresses within a 5-minute window, potentially indicating session hijacking and unauthorized access.
Azure Active Directory
azure
azuread
compromised-account
2r
1t
high
advisory
Azure AD Account Authentication from Multiple IPs
1 rule 3 TTPsAn Azure AD account successfully authenticating from multiple unique IP addresses within a 30-minute window, detected using Azure AD SignInLogs, which may indicate compromised credentials and unauthorized access to corporate resources.
Azure Active Directory
azure
credential-access
compromised-account
1r
3t