AZT503 - HTTP Trigger#
Adversaries may configure a resource with an HTTP trigger to run commands without needing authentication.
| ID | Name | Description | Action | Resources |
|---|---|---|---|---|
| AZT503.1 | Logic Application | Adversaries may configure a Logic Application with an HTTP trigger to run commands without needing authentication. | Microsoft.Logic/workflows/write | Logic Application |
| Microsoft.Logic/workflows/run/action | ||||
| Microsoft.Logic/operations/read | ||||
| AZT503.2 | Function App | Adversaries may configure a Function App with an HTTP trigger to run commands without needing authentication. | Microsoft.Web/sites/Write | Function App |
| microsoft.web/sites/functions/action | ||||
| microsoft.web/sites/functions/write | ||||
| AZT503.3 | Runbook Webhook | Adversaries may create a webhook to a Runbook which allows unauthenticated access into an Azure subscription or tenant. | Microsoft.Automation/automationAccounts/runbooks/* | Automation Account |
| AZT503.4 | WebJob | Adversaries may create a WebJob on a App Service which allows arbitrary background tasks to be run on a set schedule | Microsoft.Web/sites/Write | App Service |