Managed Sentinel – Alert 041

Alert IDMS-A041
Alert NameGranting elevated permissions to an account in Azure
DescriptionShows the most prevalent users who grant access to others on azure resources and for each account their common source ip address
Source: Github - Microsoft
Severity LevelLow
Threat IndicatorImproper Usage
MITRE ATT&CK TacticsPersistence
Log sourcesAzureActivity
False Positive
RecommendationsIf an operation is not from this IP address it may be worthy of investigation.