AZT201.1 - User Account#
By obtaining valid user credentials, an adversary may login to AzureAD via command line or through the Azure Portal.
Resource
Azure Active Directory
Actions
N/A
Detections
Logs#
Data Source | Application | Resource | Log Location |
---|---|---|---|
Azure Active Directory | Azure Portal | Windows Azure Service Management API | Sign-in Logs |
Azure Active Directory | Microsoft Azure PowerShell | Windows Azure Service Management API | Sign-in Logs |
Queries#
SigninLogs|where Status =="{\"errorCode\":0}" and ResourceDisplayName=="Windows Azure Service Management API"