Managed Sentinel – Alert 066

Alert ID: MS-A066
Alert Name: Azure activity from malicious IPs
Description: Indicates Azure activities recorded from IP addresses listed in the Managed Sentinel Threat Intelligence Feed
Severity Level: Medium
Threat Indicator: Unauthorized Access
MITRE ATT&CK Tactics: Initial Access
Log sources: Azure AD
False Positive:
Recommendations:
1. Verify the malicious IP address against other Threat Intelligence sources.
2. Based on the confidence level, perform an investigation in Azure Sentinel to understand any lateral movement from the IP address into your organization's Azure environment.
3. Disable the Azure AD account used for the remote access.
4. Enable MFA.