A new Azure email domain verification was requested

Cortex XSIAM Analytics Alert Reference by Alert name
Product
Cortex XSIAM
Last date published
2025-06-24
Category
Analytics Alert Reference
Index by
Alert name

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

N/A (single event)

Deduplication Period

5 Days

Required Data

  • Requires:
    • Azure Audit Log

Detection Modules

Cloud

Detector Tags

ATT&CK Tactic

Resource Development (TA0042)

ATT&CK Technique

Compromise Accounts: Email Accounts (T1586.002)

Severity

Informational

Description

A new Azure email domain verification was requested.

Attacker's Goals

Use existing domain to launch phishing attacks from your environment.

Investigative actions

Check if you recognize the added email domain.

Variations

A new Azure email domain verification was requested by an unusual identity

Synopsis

ATT&CK Tactic

Resource Development (TA0042)

ATT&CK Technique

Compromise Accounts: Email Accounts (T1586.002)

Severity

Low

Description

A new Azure email domain verification was requested.
The identity was not seen performing operations on this resource type in the last 30 days.

Attacker's Goals

Use existing domain to launch phishing attacks from your environment.

Investigative actions

Check if you recognize the added email domain.