Managed Sentinel – Alert 014

Alert ID: MS-A014
Alert Name: Common deployed resources in Azure
Description: This query looks for common deployed resources (resource name and resource groups) and can be used in combination with other signals that show suspicious deployment to evaluate if the resource is one that is commonly being deployed/created or unique.
Source: GitHub - Microsoft
Severity Level: Informational
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Execution
Log sources: AzureActivity
False Positive: Not a sufficient indicator without any other alerts
Recommendations: Perform additional investigation. Engage internal Azure Operation team.