The Devo SciSec Team (Devo’s Threat Research Team) has released this Technology alert pack in all Devo domains! This alert pack brings our SecOps-related content to our non-SecOps customers and can help jumpstart your threat coverage.
Full release notes and details of every alert in this Alert Pack.
Alert Technology Pack: Azure
Our customers use Microsoft Azure for all kinds of projects and initiatives, so the importance of being aware of any potential issues cannot be overstated.
Devo is one of the market leaders in out-of-the-box Azure alerts, with one of the highest numbers of detections at the highest levels of alert quality. These detections protect all aspects of Azure, ranging from Active Directory to DevOps. We want to ensure that our customers are accurately covered and can rest assured that these detections will alert them to most attacks they face.
The pack can be downloaded directly from Devo Exchange.
Here is a sample of 5 of the alerts in this pack:
SecOpsAzureExternalUserInvited - An adversary could create an invitation for an external user to create a new account in Azure AD. This may be a routine activity but could be used as a vector for an adversary to gain access or persistence.
SecOpsAzureUserInformationDownload - An adversary may attempt to get a listing and more information about accounts on a system or within an environment.
SecOpsAzureImpossibleTravel - An adversary could obtain and abuse credentials of existing accounts as a means of gaining Initial Access. Compromised credentials may be used to bypass access controls and for persistent access to remote systems and external services.
SecOpsAzureUserCreated - An adversary could attempt to persist by creating a user account in Azure AD.
SecOpsAzureUserLoginSuspiciousRisk - An adversary could obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.