Sigma Rules
10 rules found for "Mike Duddington"
Account Created And Deleted Within A Close Time Frame
Detects when an account was created and deleted in a short period of time.
Guest Users Invited To Tenant By Non Approved Inviters
Detects guest users being invited to tenant by non-approved inviters
User State Changed From Guest To Member
Detects the change of user type from "Guest" to "Member" for potential elevation of privilege.
Successful Authentications From Countries You Do Not Operate Out Of
Detect successful authentications from countries you do not operate out of.
Increased Failed Authentications Of Any Type
Detects when sign-ins increased by 10% or greater.
Measurable Increase Of Successful Authentications
Detects when successful sign-ins increased by 10% or greater.
Authentications To Important Apps Using Single Factor Authentication
Detect when authentications to important application(s) only required single-factor authentication
Failed Authentications From Countries You Do Not Operate Out Of
Detect failed authentications from countries you do not operate out of.
Azure AD Only Single Factor Authentication Required
Detect when users are authenticating without MFA being required.
Users Authenticating To Other Azure AD Tenants
Detect when users in your Azure AD tenant are authenticating to other Azure AD Tenants.