Tag
medium
advisory
Detection of Azure Service Principal Creation
3 rules 1 TTPDetects the creation of a service principal in Azure, which could indicate potential attacker activity for lateral movement or persistence.
Azure
cloud
service principal
persistence
lateral movement
3r
1t
medium
advisory
Azure Service Principal Removal Detection
2 rules 1 TTPDetection of a service principal removal in Azure, potentially indicating malicious activity or an attempt to remove evidence of a compromise.
Azure
service principal
stealth
cloud
2r
1t