Use-Case	Activity Type (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	scheduled_task-trigger:success (app-activity) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser	T1078 - Valid Accounts T1133 - External Remote Services	39 Rules 24 Models
Data Access	scheduled_task-trigger:success (app-activity) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser	T1078 - Valid Accounts	19 Rules 11 Models
Data Leak	scheduled_task-trigger:success (app-activity) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser	T1114 - Email Collection T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Privilege Abuse	scheduled_task-trigger:success (app-activity) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser app-activity:fail (app-activity-failed) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	6 Rules 2 Models
Privilege Escalation	scheduled_task-trigger:success (app-activity) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	scheduled_task-trigger:success (app-activity) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser app-activity:fail (app-activity-failed) ↳microsoft-azure-cef-app-activity-updatedevice ↳microsoft-azure-cef-app-activity-updateuser ↳microsoft-azure-cef-app-activity-addmembertogroup ↳microsoft-azure-cef-app-activity-updategroup ↳microsoft-azure-cef-app-activity-adduser	T1078 - Valid Accounts	2 Rules 1 Models

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2_ds_microsoft_azure.md

2_ds_microsoft_azure.md

Files

2_ds_microsoft_azure.md

Latest commit

History

2_ds_microsoft_azure.md

File metadata and controls