User ran a command on Azure Compute

Classification:

attack

Tactic:

Set up the azure integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when a user runs a command on an Azure Virtual Machine through the Azure CLI or Portal.

Monitor Azure Compute logs for MICROSOFT.COMPUTE/VIRTUALMACHINES/RUNCOMMAND/ACTION events that have @evt.outcome of Success.

Reach out to the user to determine if the activity is legitimate.