New detection rules for Azure Active Directory 🕵️☁️

To extend our detection coverage, we are developing detection rules for new intakes such as Azure Active Directory.

This new set of rules detects suspicious user activity such as unusual configuration changes, sign-ins from unusual locations, and brute-force attempts.
It also includes alerts driven by the SEKOIA.IO CTI for Azure Active Directory, such as sign-ins from known malicious IP addresses or known attack patterns.
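To make the three detection families above concrete, here is an added example (not SEKOIA.IO's rule logic, and not code from the original post) that runs simple brute-force, known-malicious-IP and unusual-location checks over a handful of Azure Active Directory sign-in events. The field names follow the Microsoft Graph `signIn` resource (`userPrincipalName`, `ipAddress`, `status.errorCode`, `createdDateTime`, `location.countryOrRegion`); the sample events, the 5-failures-in-10-minutes threshold, the CTI blocklist and the per-user country baseline are all constructed for the example.

```python
"""Toy detections over Azure AD sign-in events (added illustration, not
SEKOIA.IO's rules). Events, thresholds, blocklist and baseline are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Azure AD sign-in result codes: 0 = success, 50126 = InvalidUserNameOrPassword.
SUCCESS = 0
ERROR_INVALID_CREDENTIALS = 50126

# Constructed stand-in for a CTI feed of malicious IPs (assumption).
MALICIOUS_IPS = {"203.0.113.77"}

# Constructed per-user baseline of usual sign-in countries (assumption).
USUAL_COUNTRIES = {"carol@contoso.example": {"FR"}, "dave@contoso.example": {"FR"}}


def _ev(ts, user, ip, code, country):
    """Build a minimal sign-in event with the Graph signIn field names."""
    return {"createdDateTime": ts, "userPrincipalName": user, "ipAddress": ip,
            "status": {"errorCode": code}, "location": {"countryOrRegion": country}}


# Constructed sample sign-ins (documentation IP ranges, fake tenant).
SAMPLE_SIGNINS = [
    _ev(f"2024-03-01T08:0{i}:00Z", "alice@contoso.example", "198.51.100.10",
        ERROR_INVALID_CREDENTIALS, "US") for i in range(6)          # 6 failures
] + [
    _ev("2024-03-01T08:07:00Z", "alice@contoso.example", "198.51.100.10", SUCCESS, "US"),
    _ev("2024-03-01T09:00:00Z", "bob@contoso.example", "203.0.113.77", SUCCESS, "NL"),
    _ev("2024-03-01T10:00:00Z", "carol@contoso.example", "192.0.2.5", SUCCESS, "RU"),
    _ev("2024-03-01T10:30:00Z", "dave@contoso.example", "192.0.2.9", SUCCESS, "FR"),
    _ev("2024-03-01T10:31:00Z", "dave@contoso.example", "192.0.2.9",
        ERROR_INVALID_CREDENTIALS, "FR"),                             # single typo, no alert
]


def parse_time(stamp):
    """Parse a createdDateTime string such as "2024-03-01T08:00:00Z"."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def detect_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Flag (ipAddress, user) pairs with >= threshold failed sign-ins inside a
    sliding window, and record whether a success follows those failures within
    the window (a brute force that worked is the one to escalate)."""
    alerts = {}
    recent_failures = defaultdict(deque)  # key -> timestamps still inside the window
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        key = (ev["ipAddress"], ev["userPrincipalName"])
        ts = parse_time(ev["createdDateTime"])
        recent = recent_failures[key]
        while recent and ts - recent[0] > window:      # expire old failures
            recent.popleft()
        code = ev["status"]["errorCode"]
        if code == ERROR_INVALID_CREDENTIALS:
            recent.append(ts)
            if len(recent) >= threshold:
                alert = alerts.setdefault(key, {
                    "rule": "brute_force", "ipAddress": key[0], "user": key[1],
                    "failures": 0, "success_after_failures": False})
                alert["failures"] = max(alert["failures"], len(recent))
        elif code == SUCCESS and key in alerts and recent:
            alerts[key]["success_after_failures"] = True  # success right after the burst
    return list(alerts.values())


def detect_malicious_ip(events, blocklist=MALICIOUS_IPS):
    """Flag any sign-in (successful or not) coming from a CTI-listed IP."""
    return [{"rule": "cti_malicious_ip", "ipAddress": ev["ipAddress"],
             "user": ev["userPrincipalName"], "createdDateTime": ev["createdDateTime"]}
            for ev in events if ev["ipAddress"] in blocklist]


def detect_unusual_location(events, baseline=USUAL_COUNTRIES):
    """Flag successful sign-ins from a country outside the user's baseline.
    Users without a baseline are skipped: there is nothing to compare against."""
    alerts = []
    for ev in events:
        if ev["status"]["errorCode"] != SUCCESS:
            continue
        usual = baseline.get(ev["userPrincipalName"])
        country = ev["location"]["countryOrRegion"]
        if usual is not None and country not in usual:
            alerts.append({"rule": "unusual_location", "user": ev["userPrincipalName"],
                           "country": country, "ipAddress": ev["ipAddress"]})
    return alerts


if __name__ == "__main__":
    for alert in (detect_brute_force(SAMPLE_SIGNINS) + detect_malicious_ip(SAMPLE_SIGNINS)
                  + detect_unusual_location(SAMPLE_SIGNINS)):
        print(alert)
```

On the sample data the brute-force rule fires once for alice (six failures, then a success inside the window), the CTI rule fires for bob's sign-in from the blocklisted IP, and the location rule fires for carol signing in from RU against an FR baseline; dave's single typo produces nothing. A real rule would also key on the failure burst per IP across many users to catch password spraying, which the per-(ip, user) key here deliberately does not.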

[Screenshot: the Azure Active Directory rules in the SEKOIA.IO rules catalog]

The other detection rules are available in the rules catalog page of SEKOIA.IO XDR, where recently updated rules appear at the top of the list.

What do you think about this update?