Managed Sentinel – Alert 197

Alert IDMS-A197
Alert NameSuspicious number of resource creation or deployment activities
DescriptionThis alert indicates when an anomalous number of VM creations or deployment activities occur in Azure via the AzureActivity log.
Severity LevelMedium
Threat Indicator
MITRE ATT&CK TacticsPersistence
Exfiltration
Log sourcesAzureActivity
False Positives
Recommendations