Azure user invited an external user
Incident Management is now generally available! Incident Management is now generally available!
<  Back to rules search

Azure user invited an external user

azure

Classification:

compliance

Set up the azure integration.

Overview

Goal

Detect when an invitation is sent to an external user.

Strategy

Monitor Azure Active Directory Audit logs and detect when any @evt.name is equal to Invite external user and the @evt.outcome is equal to success.

Triage & Response

  1. Review and determine if the invitation and its recipient are valid.