MS-A197 - Managed Sentinel

Managed Sentinel – Alert 197

Alert ID	MS-A197
Alert Name	Suspicious number of resource creation or deployment activities
Description	This alert indicates when an anomalous number of VM creations or deployment activities occur in Azure via the AzureActivity log.
Severity Level	Medium
Threat Indicator
MITRE ATT&CK Tactics	Persistence Exfiltration
Log sources	AzureActivity
False Positives
Recommendations