Detections tagged with AzureAD
Jan 1, 2025
2025-01-01: Azure Active Directory - Conditional Access Policy Modified
#KQL
#Sentinel
#CAP
#AzureAD
#T1556.009
Jan 2, 2025
2025-01-02: Azure Active Directory - Credential Added to App Registration
#KQL
#Sentinel
#AzureAD
#SPN
#T1098.001
Jan 23, 2025
AzureAD - SigninLogs: Multiple AAD Users Failing to Authenticate from Same Source IP
#KQL
#Sentinel
#AzureAD
#SigninLogs
#T1110
Jan 24, 2025
AzureAD - CAP: Conditional Access Policy Deleted
#KQL
#Sentinel
#AzureAD
#CAP
#AuditLogs
#T1556.009
Jan 25, 2025
Azure AD - App/OAuth: Admin Consented to Risky API Permissions on Behalf of the Organization
#KQL
#Sentinel
#AzureAD
#OAuth
#AuditLogs
#T1199
Jan 26, 2025
Azure AD - SigninLogs: Large Number of Failed Logins Followed by a Successful Login to the Azure Portal
#KQL
#Sentinel
#AzureAD
#SigninLogs
#T1110
Jan 27, 2025
Azure AD - CAP: New Trusted Location Created
#KQL
#Sentinel
#AzureAD
#CAP
#AuditLogs
#T1556.009
Jan 28, 2025
Azure AD - CAP: Named Location Modified
#KQL
#Sentinel
#AzureAD
#CAP
#AuditLogs
#T1556.009
Jan 29, 2025
Azure AD - CAP: Trusted Location Modified
#KQL
#Sentinel
#AzureAD
#CAP
#AuditLogs
#T1556.009