Description
Azure Conditional Access policies control access to resources via if-then statements. For example, if a user wants to access a resource, then they must complete an action such as using multi-factor authentication to access it. An adversary may modify a Conditional Access policy in order to weaken their target's security controls.
event.module:azure and event.dataset:azure.activitylogs and event.category:Administrative and azure.activitylogs.operation_name:"Update policy"
Required Info
filebeat-*
- Target Operating Systems:
Azure
- Target ECS Version:
1.5.0
- New fields required in ECS for this? No
- Related issues or PRs None
Optional Info
Example Data
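The query's four conditions applied to sample events, as an added example that is not part of the original issue. The field names and values come from the query above; the events, the `Add policy` operation name and the `Policy` category are constructed for illustration, and exact-value matching (as on keyword-mapped fields) is assumed.

```python
# Added example: evaluates the rule query's four field conditions.
# Sample events are constructed for illustration, not real Azure logs.

RULE_CONDITIONS = {
    "event.module": "azure",
    "event.dataset": "azure.activitylogs",
    "event.category": "Administrative",
    "azure.activitylogs.operation_name": "Update policy",
}

def flatten(doc, prefix=""):
    """Flatten nested JSON into dotted ECS-style field names."""
    flat = {}
    for key, value in doc.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def matches_rule(doc):
    """True when every condition holds; multi-valued fields match on any value."""
    flat = flatten(doc)
    for field, expected in RULE_CONDITIONS.items():
        actual = flat.get(field)
        values = actual if isinstance(actual, list) else [actual]
        if expected not in values:  # exact match (assumed keyword mapping)
            return False
    return True

def make_event(operation_name, category="Administrative", dataset="azure.activitylogs"):
    """Build a constructed event in nested form."""
    return {
        "event": {"module": "azure", "dataset": dataset, "category": category},
        "azure": {"activitylogs": {"operation_name": operation_name}},
    }

SAMPLE_EVENTS = [
    make_event("Update policy"),                              # matches
    make_event("Update policy", category=["Administrative"]), # array value, matches
    make_event("Add policy"),                                 # other operation (constructed)
    make_event("Update policy", dataset="azure.signinlogs"),  # other dataset
    make_event("Update policy", category="Policy"),           # other category (constructed)
]

def run_rule(events):
    """Return the indexes of the events that would raise an alert."""
    return [i for i, event in enumerate(events) if matches_rule(event)]

if __name__ == "__main__":
    print(run_rule(SAMPLE_EVENTS))
```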
