Azure New Owner added to Azure Active Directory application
Set up the azure integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when a user is added as a new owner for an Active Directory application which could be used as a persistence mechanism.
Strategy
Monitor Azure Active Directory logs for @evt.name: "Add owner to application"
has an @evt.outcome
of success
.
Triage and response
- Review evidence of anomalous activity for the user being added as an owner (
@properties.targetResources
) for the Active Directory application. - Determine if there is a legitimate reason for the user being added to the application.