An Azure Key Vault key was modified

Cortex XDR Analytics Alert Reference by data source
Last date published
2024-04-15
Order
data source

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

N/A (single event)

Deduplication Period

5 Days

Required Data

  • Requires:
    • Azure Audit Log

Detection Modules

Cloud

ATT&CK Tactic

Credential Access (TA0006)

ATT&CK Technique

Unsecured Credentials: Credentials In Files (T1552.001)

Severity

Informational

Description

An Azure Key Vault key was modified.

Attacker's Goals

  • Gain access to sensitive data stored in the Azure Key Vault.

Investigative actions

  • Check the Azure Key Vault configuration to identify what changes were made.