Tag
medium
advisory
AWS SAML Provider Deletion Activity
2 rules 2 TTPs
An adversary may delete an AWS SAML provider to disrupt administrative access, hindering incident response and potentially escalating privileges within the AWS environment.
aws
cloudtrail
saml
iam
deletion
impact
medium
advisory
Detection of Azure Application Deletion
2 rules 1 TTP
This alert identifies when an application is deleted within an Azure environment, which could indicate malicious activity or unintended misconfiguration leading to service disruption.
Azure
application
deletion
impact
t1489
medium
advisory
Active Directory Group Policy Deletion Detected
2 rules 2 TTPs
Detection of Active Directory Group Policy deletion using event ID 5136, indicating potential malicious activity or misconfiguration.
Splunk Enterprise +2
active-directory
group-policy
gpo
deletion
t1484.001