MS-A016

Managed Sentinel – Alert 016

Alert ID: MS-A016
Alert Name: Creation of an anomalous number of resources in Azure
Description: Looks for an anomalous number of resource creation or deployment activities in the Azure Activity log. It is best to run this query over a lookback period of at least 7 days.
Source: GitHub - Microsoft
Severity Level: Informational
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Execution
Log sources: AzureActivity
False Positive: Planned migration activities
Recommendations: Escalate to the internal Azure Operation team to understand whether any unauthorized changes were made in the organization's Azure subscription.
