- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Set up the azure integration.
Detects when a user adds a secret or certificate to an Azure Active Directory Application that is not regularly updated.
Monitor Azure AD Audit logs for the following @evt.name
:
Update application – Certificates and secrets management
Add service principal credentials
Monitor Microsoft 365 Audit logs for the following @evt.name
:
Update application – Certificates and secrets management
Add service principal credentials.
An attacker can add a secret or certificate to an application in order to connect to Azure AD as the application and perform API operation leveraging the application permissions that are assigned to it. An attacker may target an application that is seldom changed to avoid detection. Using the New Value
detection method, a signal is raised when an application not seen in the previous 7 days has credentials added.
{{@usr.id}}
should have made a {{@evt.name}}
API call.2 November 2022 - Updated severity.