Rule Library
Sigma Rules
6 rules found for "Michael Epping"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting

Detection · medium · test
Bitlocker Key Retrieval
Monitor and alert for Bitlocker key retrieval.
Azure · auditlogs
TA0004 · Privilege Escalation, TA0003 · Persistence, TA0001 · Initial Access, TA0005 · Defense Evasion, +1
Michael Epping · Tue Jun 28 · cloud

Detection · high · test
Changes to Device Registration Policy
Monitor and alert for changes to the device registration policy.
Azure · auditlogs
TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1484 · Domain or Tenant Policy Modification
Michael Epping · Tue Jun 28 · cloud

Detection · high · test
Users Added to Global or Device Admin Roles
Monitor and alert for users added to device admin roles.
Azure · auditlogs
TA0003 · Persistence, TA0001 · Initial Access, TA0005 · Defense Evasion, TA0004 · Privilege Escalation, +1
Michael Epping · Tue Jun 28 · cloud

Detection · medium · test
Device Registration or Join Without MFA
Monitor and alert for device registration or join events where MFA was not performed.
Azure · signinlogs
TA0004 · Privilege Escalation, TA0003 · Persistence, TA0001 · Initial Access, TA0005 · Defense Evasion, +1
Michael Epping · Tue Jun 28 · cloud

Detection · high · test
Sign-ins from Non-Compliant Devices
Monitor and alert for sign-ins where the device was non-compliant.
Azure · signinlogs
TA0004 · Privilege Escalation, TA0003 · Persistence, TA0001 · Initial Access, TA0005 · Defense Evasion, +1
Michael Epping · Tue Jun 28 · cloud

Detection · low · test
Sign-ins by Unknown Devices
Monitor and alert for sign-ins by unknown devices from non-trusted locations.
Azure · signinlogs
TA0004 · Privilege Escalation, TA0003 · Persistence, TA0001 · Initial Access, TA0005 · Defense Evasion, +1
Michael Epping · Tue Jun 28 · cloud