This query looks for common deployed resources (resource name and resource groups) and can be used in combination with other signals that show suspicious deployment to evaluate if the resource is one that is commonly being deployed/created or unique.
Source: Github - Microsoft
MITRE ATT&CK Tactics
Not sufficient indicator without any other alerts
Perform additional investigation. Engage internal Azure Operation team.