Tag
critical
threat
Azure AD Privileged Graph API Permission Assignment
2 rules 1 TTPDetection of high-risk Graph API permission assignments (Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, and RoleManagement.ReadWrite.Directory) in Azure AD, potentially leading to unauthorized modifications and security breaches.
Azure Active Directory
NOBELIUM Group
azuread
cloud
graphapi
privilegeescalation
persistence
2r
1t
high
advisory
Kubernetes Pod with Host Network Attachment Detected
2 rules 1 TTPDetection of Kubernetes pods configured to use the host network namespace via audit logs, potentially allowing attackers to monitor all node network traffic for sensitive data and privilege escalation.
Kubernetes
hostnetwork
privilegeescalation
2r
1t