LoFP
/
t1021.007
t1021.007
Title
Tags
getsignintoken events will occur when using aws sso portal to login and will generate false positives if you do not filter for the expected user agent(s), see filter. non-sso configured roles would be abnormal and should be investigated.
t1021
t1021.007
t1550
t1550.001
aws
sigma
legitimate adminstrative usage of this functionality will trigger this detection.
t1021.007
t1072
t1105
t1202
t1484
t1529
t1562.001
t1562.004
azure tenant
splunk
LoFP
/
t1021.007