Techniques
Sample rules
Azure Service Principal Removed
- source: sigma
- technicques:
Description
Identifies when a service principal was removed in Azure.
Detection logic
condition: selection
selection:
properties.message: Remove service principal
LoFP
/
service principal removed from unfamiliar users should be investigated. if known behavior is causing false positives, it can be exempted from the rule.Identifies when a service principal was removed in Azure.
condition: selection
selection:
properties.message: Remove service principal