An Azure Point-to-Site VPN was modified

Cortex XDR Analytics Alert Reference by data source

Product: Cortex XDR
Last date published: 2026-05-18
Category: Analytics Alert Reference
Index by: data source

Synopsis

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	5 Days
Required Data	Requires: Azure Audit Log
Detection Modules	Cloud
Detector Tags
ATT&CK Tactic	Defense Evasion (TA0005)
ATT&CK Technique	Impair Defenses (T1562)
Severity	Informational

Description

An Azure Point-to-Site VPN was modified or deleted.

Attacker's Goals

Bypass security controls.

Investigative actions

Determine how the Azure Point-to-Site VPN was modified or deleted.
Verify whether the identity performing this action is authorized to make such changes.