LoFP / container registry being created or deleted may be performed by a system administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment.

Techniques

Sample rules

Azure Container Registry Created or Deleted

• source: sigma
• technicques:

Description

Detects when a Container Registry is created or deleted.

Detection logic

condition: selection
selection:
  operationName:
  - MICROSOFT.CONTAINERREGISTRY/REGISTRIES/WRITE
  - MICROSOFT.CONTAINERREGISTRY/REGISTRIES/DELETE