Merge pull request #205341 from kavishbakshi1/patch-1

PRMerger19 · web-flow · commit a9fdfab6566d · 2022-07-20T04:54:32.000-07:00
Update alerts-reference.md
diff --git a/articles/defender-for-cloud/alerts-reference.md b/articles/defender-for-cloud/alerts-reference.md
@@ -569,7 +569,7 @@ Microsoft Defender for Containers provides security alerts on the cluster level
 | **High volume of operations in a key vault**<br>(KV_OperationVolumeAnomaly)        | An anomalous number of key vault operations were performed by a user, service principal, and/or a specific key vault. This anomalous activity pattern may be legitimate, but it could be an indication that a threat actor has gained access to the key vault and the secrets contained within it. We recommend further investigations.                                                                                                                                                                                                                         | Credential Access                            | Medium   |
 | **Suspicious policy change and secret query in a key vault**<br>(KV_PutGetAnomaly) | A user or service principal has performed an anomalous Vault Put policy change operation followed by one or more Secret Get operations. This pattern is not normally performed by the specified user or service principal. This may be legitimate activity, but it could be an indication that a threat actor  has updated the key vault policy to access previously inaccessible secrets. We recommend further investigations.                                                                                                                                 | Credential Access                            | Medium   |
 | **Suspicious secret listing and query in a key vault**<br>(KV_ListGetAnomaly)      | A user or service principal has performed an anomalous Secret List operation followed by one or more Secret Get operations. This pattern is not normally performed by the specified user or service principal and is typically associated with secret dumping. This may be legitimate activity, but it could be an indication that a threat actor  has gained access to the key vault and is trying to discover secrets that can be used to move laterally through your network and/or gain access to sensitive resources. We recommend further investigations. | Credential Access                            | Medium   |
-| **Unusual access denied - User accessing high volume of key vaults denied**<br>(KV_DeniedAccountVolumeAnomaly) | A user or service principal has attempted access to anomalously high volume of key vaults in the last 24 hours. This anomalous access pattern may be legitimate activity. Though this attempt was unsuccessful, it could be an indication of a possible attempt to gain access of key vault and the secrets contained within it. We recommend further investigations. | Discovery | Low |
+| **Unusual access denied - User accessing high volume of key vaults denied**<br>(KV_AccountVolumeAccessDeniedAnomaly) | A user or service principal has attempted access to anomalously high volume of key vaults in the last 24 hours. This anomalous access pattern may be legitimate activity. Though this attempt was unsuccessful, it could be an indication of a possible attempt to gain access of key vault and the secrets contained within it. We recommend further investigations. | Discovery | Low |
 | **Unusual access denied - Unusual user accessing key vault denied**<br>(KV_UserAccessDeniedAnomaly) | A key vault access was attempted by a user that does not normally access it, this anomalous access pattern may be legitimate activity. Though this attempt was unsuccessful, it could be an indication of a possible attempt to gain access of key vault and the secrets contained within it.  | Initial Access, Discovery | Low |
 | **Unusual application accessed a key vault**<br>(KV_AppAnomaly)                    | A key vault has been accessed by a service principal that does not normally access it. This anomalous access pattern may be legitimate activity, but it could be an indication that a threat actor  has gained access to the key vault in an attempt to access the secrets contained within it. We recommend further investigations.                                                                                                                                                                                                                            | Credential Access                            | Medium   |
 | **Unusual operation pattern in a key vault**<br>(KV_OperationPatternAnomaly)        | An anomalous pattern of key vault operations was performed by a user, service principal, and/or a specific key vault. This anomalous activity pattern may be legitimate, but it could be an indication that a threat actor has gained access to the key vault and the secrets contained within it. We recommend further investigations.                                                                                                                                                                                                                         | Credential Access                            | Medium   |
