T1673 | LoFP

T1673

Title	Tags
expected red team assessments or penetration tests may utilize bloodhound tools to evaluate the security posture of azure or microsoft 365 environments. if this is expected behavior, consider adjusting the rule or adding exceptions for specific ip addresses, registered applications, jwt tokens, prts or user principal names (upns).	t1069 t1082 t1087 t1201 t1526 t1580 T1673 azure elastic
legitimate administrative or security assessment activities may use these user-agents, especially in environments where bloodhound is employed for authorized audits. if this is expected behavior, consider adjusting the rule or adding exceptions for specific user-agents or ip addresses.	t1069 t1082 t1087 t1201 t1526 t1580 T1673 azure elastic