An Azure Key Vault was modified

Cortex XDR Analytics Alert Reference by data source

Product
Cortex XDR
Last date published
2024-12-03
Category
Analytics Alert Reference
Order
data source

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

N/A (single event)

Deduplication Period

5 Days

Required Data

  • Requires:
    • Azure Audit Log

Detection Modules

Cloud

Detector Tags

ATT&CK Tactic

Credential Access (TA0006)

ATT&CK Technique

Unsecured Credentials: Credentials In Files (T1552.001)

Severity

Informational

Description

Azure Key Vault has been modified or deleted by an Identity. This could be an indication of unauthorized access or malicious activity.

Attacker's Goals

  • Gain access to sensitive data stored in the Azure Key Vault.

Investigative actions

  • Check the Azure Key Vault configuration to identify what changes were made.