Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 3 Hours |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
Modifications to an Azure Key Vault can be critical, because the vault stores secrets such as encryption keys and certificates.
Attacker's Goals
Exfiltrate information, establish persistence on existing users, or damage critical accounts.
Investigative actions
- Check the identity's actions before and after the Key Vault modification.
- Identify which credentials were modified and how they are used.
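
One way to carry out the first investigative action, and the "which credentials were modified" part of the second, over exported activity records. This is an added example, not part of the original page or the vendor's detector. The flat record fields, the sample events and the one-hour window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records. The flat field names (time, caller, operation,
# resource) are assumptions for this example, not a vendor schema.
PREFIX = "/subscriptions/0000/resourceGroups/rg-app/providers"
EVENTS = [
    {"time": "2024-05-01T08:55:00Z", "caller": "alice@example.com",
     "operation": "Microsoft.Authorization/roleAssignments/write",
     "resource": PREFIX + "/Microsoft.Authorization/roleAssignments/ra-1"},
    {"time": "2024-05-01T09:00:00Z", "caller": "alice@example.com",
     "operation": "Microsoft.KeyVault/vaults/accessPolicies/write",
     "resource": PREFIX + "/Microsoft.KeyVault/vaults/kv-prod"},
    {"time": "2024-05-01T09:05:00Z", "caller": "bob@example.com",
     "operation": "Microsoft.KeyVault/vaults/read",
     "resource": PREFIX + "/Microsoft.KeyVault/vaults/kv-prod"},
    {"time": "2024-05-01T09:10:00Z", "caller": "alice@example.com",
     "operation": "Microsoft.KeyVault/vaults/secrets/write",
     "resource": PREFIX + "/Microsoft.KeyVault/vaults/kv-prod/secrets/db-password"},
    {"time": "2024-05-01T09:20:00Z", "caller": "alice@example.com",
     "operation": "Microsoft.Storage/storageAccounts/listKeys/action",
     "resource": PREFIX + "/Microsoft.Storage/storageAccounts/stapp"},
    {"time": "2024-05-01T12:00:00Z", "caller": "alice@example.com",
     "operation": "Microsoft.Compute/virtualMachines/read",
     "resource": PREFIX + "/Microsoft.Compute/virtualMachines/vm-1"},
]

def ts(event):
    """Parse the record's ISO 8601 UTC timestamp."""
    return datetime.fromisoformat(event["time"].replace("Z", "+00:00"))

def is_keyvault_modification(event):
    """True for write/delete operations under the Key Vault resource provider."""
    op = event["operation"].lower()
    return op.startswith("microsoft.keyvault/vaults") and op.endswith(("/write", "/delete"))

def triage(events, window=timedelta(hours=1)):
    """Per Key Vault modification: what changed, and what the same identity did around it."""
    ordered = sorted(events, key=ts)
    findings = []
    for mod in filter(is_keyvault_modification, ordered):
        own = [e for e in ordered if e["caller"] == mod["caller"] and e is not mod]
        findings.append({
            "caller": mod["caller"], "operation": mod["operation"], "modified": mod["resource"],
            "before": [e["operation"] for e in own if ts(mod) - window <= ts(e) < ts(mod)],
            "after": [e["operation"] for e in own if ts(mod) < ts(e) <= ts(mod) + window],
        })
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

How the modified credentials are subsequently used is not visible in these management-plane records and has to be traced in the logs of the services that consume them.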