articles/sentinel/fusion.md
6 additions & 6 deletions
@@ -44,7 +44,7 @@ Rule templates are not applicable for the advanced multistage attack detection.
44
44
45
45
Using advanced multistage attack detection, Azure Sentinel supports the following scenarios that combine anomaly events from Azure Active Directory Identity Protection and Microsoft Cloud App Security:
46
46
47
-
-[Impossible travel to atypical location followed by anomalous Office 365 activity](##impossible-travel-to-atypical-location-followed-by-anomalous-office-365-activity)
47
+
-[Impossible travel to atypical location followed by anomalous Office 365 activity](#impossible-travel-to-atypical-location-followed-by-anomalous-office-365-activity)
48
48
-[Sign-in activity for unfamiliar location followed by anomalous Office 365 activity](#sign-in-activity-for-unfamiliar-location-followed-by-anomalous-office-365-activity)
49
49
-[Sign-in activity from infected device followed by anomalous Office 365 activity](#sign-in-activity-from-infected-device-followed-by-anomalous-office-365-activity)
50
50
-[Sign-in activity from anonymous IP address followed by anomalous Office 365 activity](#sign-in-activity-from-anonymous-ip-address-followed-by-anomalous-office-365-activity)
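Review bot: The scenario list visible in this hunk ends at the anonymous IP address entry on line 50, so the entry for "Sign-in activity from user with leaked credentials followed by anomalous Office 365 activity" (a section this commit also edits) falls outside the shown context. Check that the entry exists and that its anchor uses a single `#` like the corrected link on line 47, and run a link check over the remaining in-page anchors while fixing this one.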
@@ -56,7 +56,7 @@ In the descriptions that follow, Azure Sentinel will display the actual value fr
56
56
57
57
### Impossible travel to atypical location followed by anomalous Office 365 activity
58
58
59
-
There are seven possible Azure Sentinel incidents that combine impossible travel to atypical location alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security.
59
+
There are seven possible Azure Sentinel incidents that combine impossible travel to atypical location alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security:
60
60
61
61
-**Impossible travel to atypical locations leading to Office 365 mailbox exfiltration**
62
62
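Review bot: The bold incident title on line 61 says "atypical locations" (plural), while the heading on line 57 and the intro sentence on line 59 both say "atypical location". Since this commit is a consistency pass, align the wording, or confirm that the plural matches the incident name Azure Sentinel actually displays.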
@@ -153,7 +153,7 @@ There are seven possible Azure Sentinel incidents that combine sign-in activity
153
153
154
154
### Sign-in activity from infected device followed by anomalous Office 365 activity
155
155
156
-
There are seven possible Azure Sentinel incidents that combine sign-in activity from infected device alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security.
156
+
There are seven possible Azure Sentinel incidents that combine sign-in activity from infected device alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security:
157
157
158
158
-**Sign-in event from an infected device leading to Office 365 mailbox exfiltration**
159
159
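Review bot: The period-to-colon change made here at line 156 is applied to four scenario sections in this commit, but no hunk touches the intro sentence of "Sign-in activity for unfamiliar location followed by anomalous Office 365 activity" (linked on line 48). Confirm that sentence already ends with a colon so the five sections stay consistent.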
@@ -201,7 +201,7 @@ There are seven possible Azure Sentinel incidents that combine sign-in activity
201
201
202
202
### Sign-in activity from anonymous IP address followed by anomalous Office 365 activity
203
203
204
-
There are seven possible Azure Sentinel incidents that combine sign-in activity from anonymous IP address alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security.
204
+
There are seven possible Azure Sentinel incidents that combine sign-in activity from anonymous IP address alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security:
205
205
206
206
-**Sign-in event from an anonymous IP address leading to Office 365 mailbox exfiltration**
207
207
@@ -249,9 +249,9 @@ There are seven possible Azure Sentinel incidents that combine sign-in activity
249
249
250
250
### Sign-in activity from user with leaked credentials followed by anomalous Office 365 activity
251
251
252
-
There are seven possible Azure Sentinel incidents that combine sign-in activity from user with leaked credentials alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security.
252
+
There are seven possible Azure Sentinel incidents that combine sign-in activity from user with leaked credentials alerts from Azure AD Identity Protection and anomalous Office 365 alerts generated by Microsoft Cloud App Security:
253
253
254
-
-**Sign-in event from User with leaked credentials leading to Office 365 mailbox exfiltration**
254
+
-**Sign-in event from user with leaked credentials leading to Office 365 mailbox exfiltration**
255
255
256
256
This alert is an indication that the sign-in event by \<*account name*> used leaked credentials, followed by a suspicious inbox forwarding rule was set on a user's inbox.
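Review bot: The context line at 256 is left ungrammatical ("followed by a suspicious inbox forwarding rule was set on a user's inbox"). Since this hunk already tidies the lines above it, consider changing it to "followed by a suspicious inbox forwarding rule being set on a user's inbox", and check whether the same sentence pattern recurs in the other scenario sections.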