Managed Sentinel – Alert 068

Alert IDMS-A068
Alert NameMass secret retrieval from Azure Key Vault observed by a single user
DescriptionThis alert identifies when a single user performs a large number of secret retrieval from Azure Key Vault.
Severity LevelInformational
Threat Indicator
MITRE ATT&CK TacticsCredential Access
Log sourcesAzure Diagnostics
False Positives
Recommendations