AZT705 - Azure Backup Delete#
An adversary may delete data within the Recovery Service Vault, which houses backup data.
Resource
Recovery Service Vaults
Actions
-
Microsoft.RecoveryServices/Vaults/delete
-
Microsoft.RecoveryServices/Vaults/read
Detections
Logs#
Data Source | Operation Name | Action | Log Provider |
---|---|---|---|
Resource | Delete | Microsoft.RecoveryServices/Vaults/delete | AzureActivity |
Queries#
Platform | Query |
---|---|
Log Analytics | AzureActivity | where ResourceProviderValue == "MICROSOFT.RECOVERYSERVICES" and OperationNameValue contains "Delete" |
Additional Resources