Sigma Rules
12 rules found for "Yochana Henderson"
Guest User Invited By Non Approved Inviters
Detects when a user that doesn't have permissions to invite a guest user attempts to invite one.
PIM Approvals And Deny Elevation
Detects when a PIM elevation is approved or denied. Outside of normal operations should be investigated.
PIM Alert Setting Changes To Disabled
Detects when PIM alerts are set to disabled.
Changes To PIM Settings
Detects when changes are made to PIM roles
User Added To Privilege Role
Detects when a user is added to a privileged role.
Bulk Deletion Changes To Privileged Account Permissions
Detects when a user is removed from a privileged role. Bulk changes should be investigated.
Privileged Account Creation
Detects when a new admin is created.
Temporary Access Pass Added To An Account
Detects when a temporary access pass (TAP) is added to an account. TAPs added to priv accounts should be investigated
Password Reset By User Account
Detect when a user has reset their password in Azure AD
Account Disabled or Blocked for Sign in Attempts
Detects when an account is disabled or blocked for sign in but tried to log in
Sign-in Failure Due to Conditional Access Requirements Not Met
Define a baseline threshold for failed sign-ins due to Conditional Access failures
Use of Legacy Authentication Protocols
Alert on when legacy authentication has been used on an account