LoFP LoFP / application credential added from unfamiliar users should be investigated. if known behavior is causing false positives, it can be exempted from the rule.

Techniques

Sample rules

Azure Application Credential Modified

Description

Identifies when a application credential is modified.

Detection logic

condition: selection
selection:
  properties.message: Update application - Certificates and secrets management