"using to make these detections. the most useful attributes being ip address, operating system, asn, and country of origin. once an at-risk login has been identified, i start my investigation by querying the related user account and comparing the surrounding log's login informati…"
T1078.004 Cloud Accounts (73%)
"in the attack chain. i hope this helps you as well. sigma rule: title: high risk azure login requiring mfa status: tested description: this detection leverages azure ad's built-in service, azure ad identity protection, to detect anomalous high risk sign ins to cloud accou…"
T1078.004 Cloud Accounts (58%)
"monitoring high risk azure logins. recently in the soc, we were notified by a partner that they had a potential business email compromise, or bec. we commonly catch these by identifying suspicious email forwarding rules, utilizing anomaly detectio…"
Summary
Recently in the SOC, we were notified by a partner that they had a potential business email compromise, or BEC. We commonly catch these by identifying suspicious email forwarding rules, […]