Azure Active Directory

(3)
1 Template

Microsoft's cloud-based identity and access management service providing single sign-on, multi-factor authentication, and identity protection

Authentication (3)
Azure Active Directory sign-in logs capturing user authentication events with detailed device, location, and security context

Defender for Identity

(0)
1 Template

Cloud-based security solution that identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions

Security-Alerts (0)
Microsoft Defender for Identity alert for pass-the-ticket attacks indicating lateral movement through stolen Kerberos tickets

Exchange Online

(0)
1 Template

Cloud-based email and calendaring service, part of Microsoft 365

Email-Security (0)
Exchange Online audit log for new inbox rule creation events

Windows

(0)
1 Template

Microsoft Windows Operating System - comprehensive desktop and server platform

System (0)
CLOP Ransomware Service Installation - Known persistence mechanism used by CLOP ransomware family