<  Back to rules search

Azure user invited an external user

azure

Classification:

attack

Tactic:

Set up the azure integration.

Goal

Detect when an invitation is sent to an external user.

Strategy

Monitor Azure Active Directory Audit logs and detect when any @evt.name is equal to Invite external user and the @evt.outcome is equal to success.

Triage and response

  1. Review and determine if the invitation and its recipient are valid.