application deleted from unfamiliar users should be investigated. if known behavior is causing false positives, it can be exempted from the rule.

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/cloud/azure/activity_logs/azure_application_deleted.yml>sigma
technicques: t1489

Techniques

Identifies when a application is deleted in Azure.

condition: selection
selection:
  properties.message:
  - Delete application
  - Hard Delete application