LoFP
/
t1098.001
t1098.001
Title
Tags
service principal client credential modifications may be part of legitimate administrative operations. filter as needed.
t1098
t1098.001
azure active directory
o365 tenant
splunk
validate the actor if permitted to access the repo.
t1098
t1098.001
t1098.003
t1213
t1213.003
github
sigma
validate the multifactor authentication changes.
t1098
t1098.001
t1098.003
t1213
t1213.003
github
sigma
when an admin creates a new, authorised identity provider.
t1098
t1098.001
okta
sigma
when credentials are added/removed as part of the normal working hours/workflows
t1098
t1098.001
azure
sigma